Slack public link created to file with potentially sensitive data

ID: slack_link_created_to_sensitive_file
Data type: Slack
Severity: Low
MITRE ATT&CK: TA0010:T1048

Description

AlphaSOC detected the creation of a public Slack link that exposes potentially sensitive data. The shared files contain terms such as password, ssh, key, config, or other potentially confidential content. This indicates possible data exfiltration through the creation of publicly accessible URLs to internal files and documents hosted in Slack.

Impact

Creating public links to sensitive data in Slack enables unauthorized access and data exposure. Threat actors can discover and access these links through search engines, social media, or targeted attacks. The exposure creates immediate security risks and potential compliance violations.

Severity

Severity | Condition
Low | Creation of a public link to a file with potentially sensitive data

Investigation and Remediation

Review Slack audit logs to identify the user who created the public link and examine the exposed file content. Immediately revoke public access to the file. Rotate any exposed credentials, tokens or secrets. Update Slack workspace policies to require approval for public link creation. Enable automated scanning of shared files for sensitive content.
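
The audit log review described above can be scripted. The following is an added example, not AlphaSOC's detection logic: it walks constructed records shaped like Slack Audit Logs API entries and lists sensitive-looking files whose public link was created and never revoked. The term set comes from the description above; matching on file name and title only, and the helper names, are assumptions.

```python
import re
from datetime import datetime, timezone

# Terms named in the rule description; the rule's complete term list is not on the page.
SENSITIVE_TERMS = {"password", "ssh", "key", "config"}

# Constructed sample records, shaped like Slack Audit Logs API entries.
SAMPLE_ENTRIES = [
    {"date_create": 1718000000, "action": "file_public_link_created",
     "actor": {"user": {"id": "U01", "email": "dev@example.com"}},
     "entity": {"file": {"id": "F100", "name": "prod_ssh_config.txt", "title": "prod ssh config"}}},
    {"date_create": 1718000100, "action": "file_public_link_created",
     "actor": {"user": {"id": "U02", "email": "pm@example.com"}},
     "entity": {"file": {"id": "F200", "name": "offsite_monkey.png", "title": "offsite"}}},
    {"date_create": 1718000200, "action": "file_public_link_created",
     "actor": {"user": {"id": "U03", "email": "ops@example.com"}},
     "entity": {"file": {"id": "F300", "name": "db password.xlsx", "title": "DB Password"}}},
    {"date_create": 1718000900, "action": "file_public_link_revoked",
     "actor": {"user": {"id": "U03", "email": "ops@example.com"}},
     "entity": {"file": {"id": "F300", "name": "db password.xlsx", "title": "DB Password"}}},
]

def matched_terms(file_obj):
    """Whole-token match on name and title (assumption), so 'monkey' does not hit 'key'."""
    text = f"{file_obj.get('name', '')} {file_obj.get('title', '')}".lower()
    return sorted(SENSITIVE_TERMS & set(re.split(r"[^a-z0-9]+", text)))

def open_sensitive_links(entries):
    """Return sensitive files whose public link was created and not later revoked."""
    still_open = {}
    for entry in sorted(entries, key=lambda e: e["date_create"]):
        file_obj = entry.get("entity", {}).get("file")
        if not file_obj:
            continue
        if entry["action"] == "file_public_link_revoked":
            still_open.pop(file_obj["id"], None)  # access already removed
        elif entry["action"] == "file_public_link_created":
            terms = matched_terms(file_obj)
            if terms:
                user = entry.get("actor", {}).get("user", {})
                created = datetime.fromtimestamp(entry["date_create"], tz=timezone.utc)
                still_open[file_obj["id"]] = {
                    "file_id": file_obj["id"], "file_name": file_obj.get("name"),
                    "terms": terms, "created_by": user.get("email") or user.get("id"),
                    "created_at": created.isoformat()}
    return list(still_open.values())

if __name__ == "__main__":
    for finding in open_sensitive_links(SAMPLE_ENTRIES):
        print(finding)
```

Whole-token matching trades recall for precision: it skips names such as "monkey" but also misses variants like "passwords", so widen the term set to suit the workspace's naming habits.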