The Cybernews team finds an AI-powered Slack tool is leaking data online
GitLab commits and Slack Huddle conversations are being exposed
The company was notified, but it has not yet reacted
Cybersecurity researchers have discovered that a Slack AI tool is leaking private user data, including chat messages and other communications.
The tool is called Struct Chat and is designed to improve productivity within Slack. It offers features such as organizing and summarizing threads, answering questions and generating newsletters, and costs $29.95 per month.
In mid-October 2024, Cybernews researchers found an “unprotected web service” streaming user data. The exposed instance was an Apache Kafka broker, a distributed real-time message streaming platform.
Take appropriate measures
As the researchers explained, this platform acted as a central hub for moving data between different applications. As such, it handles large amounts of data and is a popular target.
“While we observed the data flow for a brief period, we found examples of GitLab commits, Huddle conversations and data from other services. This allows threat actors to track and read messages and other events in real time and extract personal and personal information without restrictions,” said the researchers.
Here is the complete list of exposed information:
Tokens, IDs, first and last names
Email addresses
Conversations with other users and the AI bot, timestamps
Internal team names and other general information
Data and types of events (what the user is doing, for example, updating the Slack profile)
Internal URL links, URLs, CI/CD (continuous integration and continuous deployment) statuses
Reportedly, the company that develops this tool, also called Struct Chat, was notified about the findings several times. However, as of January 27, the leak has not yet been addressed.
“In an hour, the unprotected instance transmitted data of more than 1,000 unique users of 200 unique companies. This leak can be easily exploited to collect the personal identification information of users, such as full names, email addresses, chats and other internal communications, several internal links and resources,” Cybernews researchers concluded, urging all users to be careful and “take appropriate action”.
Via Cybernews