Irina Nesterovsky, Chief Research Officer
In our first post referencing Slack and the corporate attack surface, we revealed the 12,000+ credentials to Slack workspaces that were available for sale on various cybercrime underground markets, representing the explicit threat for thousands of organizations. However, at the time, examination of both open-source reporting and cybercrime communities didn’t reveal a lot of attacker-interest in the platform. Though a steady interest may still not be apparent, what is clear is that the number of compromised credentials has grown, and another instance in which Slack credentials have been abused appears once again. Now, a year later from the release of Part 1, we have dived back into those same sources to see what exactly has transformed over the last year, and what the dangers of compromised Slack credentials really may be.