Slack user role changed

ID: slack_user_role_changed
Data type: Slack
Severity: Informational
MITRE ATT&CK: TA0004:T1098.003

Description

AlphaSOC detected that a Slack user role was changed using the user_role_changed action.

Impact

The unauthorized modification of user roles in Slack can lead to a breach of data confidentiality and integrity. Adversaries may gain access to restricted channels, private messages, or sensitive files, potentially compromising business operations and exposing confidential information.

Severity

Severity | Condition
Informational | Slack user role changed

Investigation and Remediation

Review Slack audit logs to verify whether the role change was authorized. If unauthorized, revert the role change, reset the user's credentials, and conduct a thorough security audit to determine the extent of the potential damage.
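
One way to carry out the audit-log review described above, as an added example (not AlphaSOC's or Slack's own code): it filters entries for the `user_role_changed` action and marks those whose actor is not on an approved-administrator list or who changed their own role. The function name `triage_role_changes`, the `approved_actor_ids` list, and the sample entries are hypothetical; the entry layout is assumed to follow the Slack Audit Logs API shape.

```python
import json
from datetime import datetime, timezone

ACTION = "user_role_changed"  # action name given on this page

# Constructed sample entries. The field layout is an assumption modelled on
# Slack Audit Logs API entries (actor / entity / context / date_create).
SAMPLE = json.loads("""[
 {"id":"a1","date_create":1700000000,"action":"user_role_changed",
  "actor":{"user":{"id":"U01ADMIN","email":"admin@example.com"}},
  "entity":{"user":{"id":"U02BOB","email":"bob@example.com"}},
  "context":{"ip_address":"198.51.100.7"}},
 {"id":"a2","date_create":1700000100,"action":"user_role_changed",
  "actor":{"user":{"id":"U03EVE","email":"eve@example.com"}},
  "entity":{"user":{"id":"U03EVE","email":"eve@example.com"}},
  "context":{"ip_address":"203.0.113.9"}},
 {"id":"a3","date_create":1700000200,"action":"user_role_changed",
  "actor":{"user":{"id":"U04DAN","email":"dan@example.com"}},
  "entity":{"user":{"id":"U05KIM","email":"kim@example.com"}},
  "context":{"ip_address":"203.0.113.9"}},
 {"id":"a4","date_create":1700000300,"action":"user_login",
  "actor":{"user":{"id":"U02BOB"}},"entity":{"user":{"id":"U02BOB"}},"context":{}}
]""")

def triage_role_changes(entries, approved_actor_ids):
    """Return one finding per role-change entry; 'review' means verify it."""
    findings = []
    for e in entries:
        if e.get("action") != ACTION:
            continue  # unrelated audit events are ignored
        actor = e.get("actor", {}).get("user", {})
        target = e.get("entity", {}).get("user", {})
        reasons = []
        if actor.get("id") not in approved_actor_ids:
            reasons.append("actor not on approved list")
        if actor.get("id") and actor.get("id") == target.get("id"):
            reasons.append("actor changed own role")
        when = datetime.fromtimestamp(e.get("date_create", 0), tz=timezone.utc)
        findings.append({
            "id": e.get("id"), "when": when.isoformat(),
            "actor": actor.get("email") or actor.get("id"),
            "target": target.get("email") or target.get("id"),
            "ip": e.get("context", {}).get("ip_address"),
            "verdict": "review" if reasons else "expected",
            "reasons": reasons,
        })
    return findings

if __name__ == "__main__":
    for f in triage_role_changes(SAMPLE, {"U01ADMIN"}):
        print(f)
```

Entries marked `review` are the ones to check against change records before deciding whether to revert the role and reset credentials.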