Workplace communication and collaboration platform Slack disclosed earlier this week that a major security vulnerability within its system was patched.
While it’s good news that the security hole is closed, the flaw would have allowed a hacker to have full access to user accounts and all of the data associated with them, including chat histories, shared files and any group chats/channels a user used.
According to a report from Wired, the vulnerability was submitted to Slack’s bug bounty program by security researcher Frans Rosén last month. Upon receiving Rosén’s submission, the company quickly addressed the bug and checked back through its logs to ensure no bad actors had exploited it.
“This bug is exactly why we invest in our public bug bounty program,” a Slack spokesperson explained. “The added brainpower of the developer and security communities is invaluable in keeping the service safe for everyone.”
Though Slack was able to patch the vulnerability in just five hours, the fact that the platform has more than 4 million active users still brings up concern over such a serious security flaw going unnoticed.
As Wired noted, the fact that a hacker could have potentially accessed user accounts and taken control left a significant amount of valuable data at risk.
Not too long ago it seemed that the “good guys” had the upper hand on fraudsters when it came to the account takeover battle. Both the number of incidences of account takeover and the amount of money lost to fraudsters using the method hit a low point in 2014.
But in the years since, hackers and other bad actors have developed and begun using more intelligent and sophisticated techniques and methods in order to penetrate databases and gain access to user credentials. As a result, account takeovers have steadily been on the rise since, and it seems fraudsters have begun to win back ground.
Account takeovers caused more than $2.3 billion in losses last year. That was a 61 percent increase in the money lost to fraudsters using the method compared to 2015, while there was a 31 percent increase in the amount of account takeover incidents compared to 2015.