Slack organization deleted
Description
AlphaSOC detected that a Slack organization was deleted. This finding may indicate that an adversary removed the organization's Slack workspace, disrupting communication channels and access to historical messages.
Impact
Deletion of a Slack organization results in permanent loss of communication channels, conversations, files, and collaboration history. This disrupts business operations, leads to data loss, and prevents team communication through established Slack channels.
Severity
| Severity | Condition |
|---|---|
Medium | Slack organization deleted |
Investigation and Remediation
Contact Slack support immediately to attempt workspace recovery. Review audit logs to identify the user who initiated the deletion, and investigate any other potentially compromised administrator accounts. Document the scope of lost data and communications, and implement alternative communication channels to ensure business continuity. After the initial response, review and strengthen access controls for workspace administrators, and consider deploying organization-wide backup solutions to prevent future data loss.