An anonymous reader writes: Thursday one technology site reported that thousands of developers building bots for the team-collaboration tool Slack were exposing their login credentials in public GitHub repositories and tickets. “The irony is that a lot of these bots are mostly fun ‘weekend projects’,” reported Detectify. “We saw examples of fit bots, reminding you to stretch throughout the day, quote bots, quoting both Jurassic Park…and Don Quixote….”
Slack responded that they’re now actively searching for publicly-posted login credentials, “and when we find any, we revoke the tokens and notify both the users who created them, as well as the owners of affected teams.” Detectify notes the lapse in security had occurred at a wide variety of sites, including “Forbes 500 companies, payment providers, multiple internet service providers and health care providers… University classes at some of the world’s best-known schools. Newspapers sharing their bots as part of stories. The list goes on and on…”