
Slack Corporate messenger

Product
Developers: Slack Technologies
Initial release date: 2014/02/15
Last Release Date: 2019/12/23
Branches: Internet services
Technology: Video conferencing,  Office applications


Main article: Instant Messenger (IM)


Slack is a corporate messenger created by Stewart Butterfield and launched in February 2014. The name Slack comes from the phrase "Searchable Log of All Conversation and Knowledge." Slack allows team members to communicate in channels, in private groups and directly with each other, and to search the contents of conversations. Slack can integrate with services such as Google Drive, Trello, Dropbox, Box, Heroku, IBM Bluemix, Crashlytics, GitHub, Runscope and Zendesk.

The free version of Slack allows you to integrate up to 10 third-party services and search the 10 thousand most recent messages, but video calls are one-on-one only. On the other hand, participants can react to the speaker with emoji, for example to "raise a hand" when they want to ask a question, or to thank or agree.

The minimum paid tariff costs from $8 per user per month; for this money you get video calls for up to 15 participants, an unlimited number of third-party applications and guest accounts for people who do not work in the company. However, for all its convenience, Slack is not the best service for video calls. It should be chosen only if your company communicates exclusively in Slack, video calls are an optional part of the business and the number of participants is small. In addition, the much more advanced Zoom video calling service, for example, offers a function for creating a video call from within Slack.


Maximum number of participants: 15

Pricing: the basic version is free; paid plans start from $8 per month per user (from $6.67 with annual payment).

2024: Disabling Russian accounts

In mid-June 2024, the corporate messenger Slack began notifying Russian users that their accounts would be suspended within 30 days. The reason was the sanctions imposed by the United States, which prohibit the provision of software and IT services to Russia.

According to the company's letter, these measures stem from compliance with the sanctions and export control laws of the United States, the European Union and other jurisdictions. According to RIA Novosti, the US Treasury announced new sanctions against Russia, which will enter into force on September 12, 2024. These measures ban IT consulting and design services, IT support and cloud services for enterprise management software, as well as for design and production software.

"Slack complies with sanctions and export control laws of the United States, the European Union and other applicable jurisdictions, including restrictions on the provision of software and services to Russia. Our data indicate that your account is based in Russia, primarily used by users from Russia, or otherwise associated with distribution in Russia. Unfortunately, due to applicable law, we have to suspend your account and will suspend it after 30 days."

According to Pavel Potekhin, Executive Director of MTS Link, companies that have acquired a license to use Slack abroad also receive blocking notifications. This emphasizes the breadth of the application of sanctions and their impact on Russian business.

Slack had already begun disconnecting some of its customers in Russia earlier because of international sanctions. In February 2024, reports appeared that Slack was notifying Russian users that accounts registered to email addresses in the .ru zone would be blocked starting March 21, 2024.[1]

2022

Data breach after cyber attack

On December 31, 2022, the corporate messenger Slack reported a hacker attack in which attackers gained access to some of the service's private repositories on GitHub.

Suspicious activity in the Slack account on GitHub was recorded on December 29, 2022. Further investigation revealed that a limited number of Slack employee tokens had been stolen and used to gain unauthorized access to the messenger's GitHub account. The cybercriminals managed to download private code from the repositories. The company emphasizes that the personal data of Slack users was not affected. The attackers were also unable to steal the files of the service's main code base.

"Our customers were not injured, no user action is required, and the incident was quickly resolved. Since we take security, privacy and transparency very seriously, we share the details of the incident," Slack said in a notice.

According to available information, the unauthorized access was not the result of a vulnerability in Slack services. The company continues to investigate and is studying the possible consequences of the attack. The stolen tokens have already been changed, so the attackers' access to private Slack repositories on GitHub is closed. A preliminary analysis of the incident suggests that the intrusion did not affect the Slack production environment or any other areas of the messenger's infrastructure, and that the attack did not affect the overall performance of the platform. Repositories usually contain, in addition to code libraries, related documentation, various notes and some other data. Whether this information was stolen during the hack is not specified.[2]

Disconnection of customers in Russia amid crisis in Ukraine

In March 2022, the corporate messenger Slack confirmed the disconnection of customers from Russia in connection with international sanctions and the policy of the parent company Salesforce against the background of Russia's special operation in Ukraine.

"Slack must take measures to comply with the sanctions norms of the United States and other countries where we work," the message says. In some cases, the company will suspend accounts without notice.

Restrictions in the work of Slack apply mainly to organizations that have fallen under direct sanctions.

2020: As part of the Remote package from Tinkoff Mobile

On April 7, 2020, Tinkoff Mobile launched a package offer, "Remote," with unlimited traffic for remote work applications: the online work communication services Zoom, Slack, Microsoft Teams and Skype, as well as the project management service Trello.

2019: Vulnerability allowing outsiders to access private business talks

On December 23, 2019, it became known that Polyrize experts discovered a critical vulnerability in the Slack service, which allows outsiders to access files posted in closed channels for a limited number of people.

The bug is related to how file sharing is implemented inside Slack. Within a "workspace," a file can be published in an open channel (a "conversation"), accessible to everyone who has an account in that workspace. A file can also be published in a private channel, which can be accessed only at the invitation of its administrators.

In theory, files shared inside a private channel are available only to its current users. In practice, things are somewhat different. Polyrize experts found that if a private channel shares a file published earlier in another channel or a conversation, restrictions on access to it do not apply.

Polyrize representatives noted that since Slack users have information only about the private channels in which they are members, file owners cannot find out in any way whether their file has been published in some other private conversation.

Experts noted that this vulnerability can be confirmed not only through the Slack graphical interface, but also using API requests to the service regarding the target file.

"We understand how important file security is to Slack users. What is described is typical only for two types of files: snippets and posts (these are two options for sharing and working together on larger content in Slack). Most of the files that are shared in Slack do not belong to these two types. When providing common access to snippets and posts in private channels or direct messages, only channel participants and message recipients can see them or find them through search. When publishing snippets and posts in public channels, everyone connected to the workspace can see the publication data or find it through search. This is planned behavior. We acknowledge that the presence of the "Unshare" button can be confusing since the way you comment under snippets and posts has been changed. We appreciate Polyrize for bringing this issue to our attention. We plan to fix the interface, but the security model while providing common access to snippets and posts will remain unchanged," noted a representative of Slack.

"Based on Slack's comments, they don't see this as a sensitive data security issue. Although, by and large, such "planned behavior" opens up very significant opportunities for data leaks. And the only option to protect yourself from this is to strictly control who exactly is given access to what documents. Or not to use Slack for these purposes," noted Anastasia Melnikova, information security expert at SEC Consult Services.[3]
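
Because Slack's reply limits this behavior to snippets and posts, a workspace administrator can review it from file metadata. The following is an added example, not code from Polyrize or Slack: it runs over constructed records shaped like Slack file objects (`mode`, `user`, `channels`, `groups`), and the private-channel membership map and all IDs are assumptions made for illustration.

```python
# Added example: flag snippets/posts whose sharing is wider than a
# private-channel member would expect. All IDs below are constructed.
AFFECTED_MODES = {"snippet", "post"}  # the two types named in Slack's reply

# Constructed records shaped like Slack file objects:
# channels = public channel IDs, groups = private channel IDs.
SAMPLE_FILES = [
    {"id": "F001", "user": "U_ALICE", "mode": "snippet",
     "channels": [], "groups": ["G_FINANCE"]},
    {"id": "F002", "user": "U_ALICE", "mode": "post",
     "channels": ["C_GENERAL"], "groups": ["G_FINANCE"]},
    {"id": "F003", "user": "U_ALICE", "mode": "snippet",
     "channels": [], "groups": ["G_FINANCE", "G_LEGAL"]},
    {"id": "F004", "user": "U_BOB", "mode": "hosted",
     "channels": ["C_GENERAL"], "groups": ["G_LEGAL"]},
]

# Constructed private-channel membership (assumption: exported by an admin).
PRIVATE_MEMBERS = {
    "G_FINANCE": {"U_ALICE", "U_BOB"},
    "G_LEGAL": {"U_BOB", "U_CAROL"},
}


def audit(files, private_members):
    """Return (file_id, reason) pairs for snippets/posts needing review."""
    findings = []
    for f in files:
        if f.get("mode") not in AFFECTED_MODES:
            continue  # other file types are outside the reported behavior
        groups = f.get("groups", [])
        # Shared privately but also in a public channel: every workspace
        # member can open or search it, whatever the private channel implies.
        if groups and f.get("channels"):
            findings.append((f["id"], "also_in_public_channel"))
        # Shared into a private channel the owner is not in: the owner has
        # no way to see that this share exists.
        for g in groups:
            if f["user"] not in private_members.get(g, set()):
                findings.append((f["id"], "owner_not_in:" + g))
    return findings


if __name__ == "__main__":
    for file_id, reason in audit(SAMPLE_FILES, PRIVATE_MEMBERS):
        print(file_id, reason)
```

The metadata only lists the conversations visible to the token that fetched it, so the review is only as complete as that token's view of private channels.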

2018: Blocking user accounts in sanctioned countries

In December 2018, Slack began blocking the accounts of users who had visited countries under US sanctions. The administration of the corporate messenger attributed this to errors made when updating its geolocation system.

Complaints about blocked Slack accounts began to appear on December 20. The letters that users received from the messenger said that the reason for the blocking was a visit to regions on the US sanctions list: Crimea, Cuba, Iran, North Korea and Syria.

TechCrunch writes that the notifications were received by users of free public Slack groups. Access to paid accounts was preserved in almost all cases. Among those affected by the blocks were people who in recent years had talked on social networks about trips to Iran. The company apologized for what happened and gave explanations:

"We are aware of the inconvenience this has caused and sincerely apologise to those affected by our actions... We have updated our system for applying geolocation information, which is based on IP addresses. This has led to the deactivation of accounts linked to embargoed countries. We use only IP addresses to perform these actions and do not have information about the nationality or ethnicity of our users."

Slack has restored access to most of the blocked accounts. In the future, it plans to restrict access to the service from sanctioned territories rather than block the accounts that use the corresponding IP addresses. In addition, residents of regions that have fallen under US sanctions will be properly informed that they cannot use the service.[4]

Slack has previously restricted access to accounts of those who used the service in Cuba, Iran, North Korea, Sudan, Syria and Crimea. In February 2018, users also complained about this problem and received a response on the messenger's official Twitter page.

2013-2016

Slack was launched in test mode in August 2013, and the public release took place on February 12, 2014. On the first day of testing, 8 thousand companies registered. According to the company, as of June 2015, 1.1 million users used Slack daily. Slack has become the fastest growing business application in history.

In early February 2015, attackers gained access to the Slack user database for several days. This became known on March 27, when the company disclosed the incident and introduced two-factor authentication.

In March 2016, voice and video calling functions were added to the Slack messenger, which strengthened its position in competition with Skype in the corporate communications market.
