- Cybernews team finds an AI-driven Slack tool leaking data online
- GitLab commits and Slack conversations are exposed
- The company was notified but has not responded yet
Cybersecurity researchers have discovered that an AI tool for Slack is leaking private user data, including chat messages and other communications.
The tool is called Struct chat and is designed to improve productivity in Slack. It offers features such as organizing and summarizing threads, answering questions, and generating newsletters, and costs $29.95 per month.
In mid-October 2024, Cybernews researchers found a “company-owned unprotected web service” streaming user data. The exposed instance was an Apache Kafka broker, a real-time distributed message streaming platform.
Take appropriate action
As the researchers explained, this platform served as a central hub for moving data between different applications. As such, it handles large amounts of data and is a popular target.
“While we observed the data stream for a short period of time, we encountered examples of GitLab commits, Slack conversations and data from other services. This allows threat actors to track and read messages and other real-time events and extract sensitive company and personal information without restrictions,” the researchers said.
Here is the full list of exposed information:
- Tokens, IDs, first and last names
- Email addresses
- Conversations with other users and the AI bot, timestamps
- Internal team names and other general information
- Event data and type (what the user is doing, for example, updating the Slack profile)
- Links to pipelines, internal URLs, CI/CD (continuous integration and continuous deployment) status
Allegedly, the company that developed this tool, also called Struct chat, was informed of the findings several times. As of January 27, the leak has not yet been addressed.
“In one hour, the unprotected instance transmitted data from over 1,000 unique users from 200 unique companies. This leak can easily be exploited to collect users’ personally identifiable information, such as full names, email addresses, chats and other internal communication, various internal links and resources,” concluded Cybernews researchers, encouraging all users to be careful and “take appropriate action”.
Via Cybernews