Cybersecurity experts have uncovered a concerning data leak involving an AI tool used in Slack, called Struct Chat. This tool, designed to boost productivity within Slack, is inadvertently exposing private user information such as chat messages, GitLab commits, and Slack Huddle conversations. The leak was discovered in mid-October 2024 by researchers at Cybernews who stumbled upon an unprotected web service streaming sensitive data from various applications through an Apache Kafka Broker.
The exposed information includes user tokens, IDs, names, email addresses, timestamps, internal team data, and more. Despite attempts to alert the company behind Struct Chat about the issue, the leak remains unaddressed as of January 27. The potential impact of this leak is substantial as it could enable threat actors to access and extract a wealth of sensitive company and personal data in real-time.
In light of these findings, Cybernews is advising all users to exercise caution and take necessary steps to protect their information. It serves as a stark reminder of the ongoing importance of cybersecurity measures in today’s digital landscape.
For more tech updates, stay informed with Cybernews.