Slack pulls leaked creds
Messaging system Slack has plugged last week's chatbot vulnerability.
As disclosed last week by Detectify, Slack developers creating custom corporate chatbots were leaving login access tokens in source code uploaded to Github.
Slack has sent a response to Detectify, here, in which it says it is permanently deactivating the leaked tokens.
Slack notes the action “may cause some disruption for your or your team, such as a bot being disabled”, but security, in this case, has to trump convenience.
It's also contacting developers, letting them know the tokens have been pulled and offering support to get their chatbots talking again. ®