Business

Slack admits to serious security vulnerability

Christian Erxleben
Christian Erxleben
Pexels.com / Mikhail Nilov

Slack is one of the most popular communication tools – this is especially true for remote working companies. Now the messenger has admitted to a flaw in an email. The Slack security vulnerability has led to unauthorized people being able to read closed chats.

The popular office messenger Slack has experienced a security flaw that went unnoticed for several months.

This is according to an official mail from the company, which BASIC thinking has obtained.

Slack vulnerability: What happened?

Anyone who invites new users to an existing, closed channel on Slack can choose between two options:

  1. The inviting person archives the existing channel and creates a new one, which can then be accessed by all old and new members. This way, new users cannot see old messages and documents.
  2. The inviting person adds the new user to the existing channel. In this case, the new member can see all old messages and documents.

During the same invitation process, a software error occurred for users who were added to an archived Slack channel via the iOS client.

As a result, all new users were able to see the old messages, files and documents of the closed chat despite the settings made.

Slack security vulnerability: Who is affected?

The Slack vulnerability occurred in all versions of the iOS client between December 10, 2020 and June 10, 2021. According to Slack, new users who were added to existing closed chats during this period sometimes had insights into the documents that were actually hidden.

In the corresponding info mail, Slack explains that it was informed about the security vulnerability on June 2, 2021. By updating the iOS client to version 21.06.11, the problem has been fixed since June 7, 2021. However, the corresponding email did not go out until the beginning of July 2021.

What can I do if I am affected by the Slack security vulnerability?

In its email, the office messenger advises all affected companies and the responsible administrators that all iOS users should update the application. Until this happens, it is not possible to add new users to closed channels.

Likewise, Slack informs that the affected users have been removed from the corresponding channels. At the latest, they can no longer access the actually secret chats and files.

Share this Article
By Christian Erxleben
Follow:
Christian Erxleben is a journalist from Nuremberg, Germany. He is also the editor in chief of the famous German online magazine BASIC thinking. His interests include social media, marketing and tech. Follow him on Twitter.
Previous Article Amazon terminates employees – via bot!
Next Article Historic regulatory fine: YouTube must pay 100,000 euros

Stay Connected

Latest News

11 Tips For Developing An International PR Strategy
Man and robot with computers sitting together in workplace
AI can give you up to 25 percent more salary – says study
ios17-5-1
iOS 17.5.1: Apple releases emergency update – due to data protection glitch
wasserkraftwerke-methan
Hydropower plants cause massive methane emissions – but there is a solution
gpt-4o
GPT-4o: All information about the new ChatGPT version of OpenAI
Hybrid electric car charging power battery using pump cable, visual graphic banner copyspace blue city sunset bokeh background modern futuristic concept. Innovative eco energy resources fuel vehicle.
60 percent less CO2 – if the EU produces batteries for e-cars itself
Lost your password?