this post was submitted on 14 Jul 2024
586 points (98.5% liked)

Technology

57435 readers
4265 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
586
Disney hack leads to 1.2TB of Slack communications leaked online (stackdiary.com)
submitted 1 month ago by [email protected] to c/[email protected]
58 comments fedilink hide all child comments
 

In a significant data breach, hacktivist group NullBulge has infiltrated Disney's internal Slack infrastructure, leaking 1.2TB of sensitive data. This breach, posted on the cybercrime platform Breach Forums on July 12, 2024, exposes many of Disney's internal communications, compromising messages, files, code, and other proprietary information.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 26 points 1 month ago (6 children)

So many passwords will be in there. And cat photos.

[–] [email protected] 32 points 1 month ago (4 children)

Passwords and lotsa creds. I know an infra engineer who stores all of the keys to the projects he's involved in his message to self Slack. When I asked him about it he told me 'when I found out that the company billed my time 5x my salary to clients I stopped caring' and I was like OK that's fair ¯\_(ツ)_/¯

[–] [email protected] 16 points 1 month ago* (last edited 1 month ago) (3 children)

Depends. Our engineering slack (Few thousand members) doesn't contain secrets for a few reasons:

  1. Secret scanning
  2. We have a /secret bot that will take your secret, store it securely, and then present a GUI for each person with access to display that secret "for just that person". And then after a set period of time it's made inaccessible, and wiped from the infra.
  3. Training and knowledge transfer on secret security

This has been incredibly effective. Especially the secret bot.

Turns out that the problem with people sharing secrets is just a matter of convenience. If you make a secure way convenient then everyone tends to just use it by default.

[–] [email protected] 3 points 1 month ago (1 children)

"Secret Bot" sounds great!

Custom in-house or off the shelf?

[–] [email protected] 3 points 1 month ago (1 children)

In house.

[–] [email protected] 3 points 1 month ago

Thank you. It sounds spectacular and well thought out. You must work with a great team.

load more comments (1 replies)
load more comments (1 replies)
load more comments (2 replies)