Slack Flaw Allows Workspace Members to Access Files in Private Channels
Slack is a popular messaging app, and a security flaw has been detected in it that allows workspace members to access files in private channels. Files are shared in public or private channels through Slack, and a file shared in a conversation can be viewed by anyone who is present in that conversation. If a person leaves the conversation, they can no longer view or access the file. If anyone else in the conversation shares the file in some other conversation, then the people in that other conversation can also access the file.
This vulnerability was found by researchers from Polyrize, an Israeli cloud security outfit. The researchers said that the flaw could be verified in Slack's user interface as well as by making the associated API calls. The only way to protect your files from this type of vulnerability is to avoid sharing your files in Slack. Slack has thanked Polyrize for detecting the vulnerability and is planning to correct the Slack interface.
Through such a vulnerability, sensitive data is stolen without the user's knowledge and used in many unwanted ways, such as threats and blackmail. Slack has announced that it will look into the issue, but the security model for sharing Snippets and Posts on Slack will continue to operate as it does today.