An unprotected AI service is streaming private Slack messages online

Posted by:
Sarah Collins
Wed, 05 Feb
0 Comment
Feature image

Cybersecurity experts have uncovered a concerning data leak involving an AI tool used in Slack, called Struct Chat. This tool, designed to boost productivity within Slack, is inadvertently exposing private user information such as chat messages, GitLab commits, and Slack Huddle conversations. The leak was discovered in mid-October 2024 by researchers at Cybernews who stumbled upon an unprotected web service streaming sensitive data from various applications through an Apache Kafka Broker.

The exposed information includes user tokens, IDs, names, email addresses, timestamps, internal team data, and more. Despite attempts to alert the company behind Struct Chat about the issue, the leak remains unaddressed as of January 27. The potential impact of this leak is substantial as it could enable threat actors to access and extract a wealth of sensitive company and personal data in real-time.

In light of these findings, Cybernews is advising all users to exercise caution and take necessary steps to protect their information. It serves as a stark reminder of the ongoing importance of cybersecurity measures in today’s digital landscape.

For more tech updates, stay informed with Cybernews.

Tags:

0 0 votes
Article Rating
Subscribe
Notify of
guest

0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments