this post was submitted on 14 Jul 2024
587 points (98.5% liked)

Technology

59405 readers
2702 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

In a significant data breach, hacktivist group NullBulge has infiltrated Disney's internal Slack infrastructure, leaking 1.2TB of sensitive data. This breach, posted on the cybercrime platform Breach Forums on July 12, 2024, exposes many of Disney's internal communications, compromising messages, files, code, and other proprietary information.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 26 points 4 months ago (2 children)

So many passwords will be in there. And cat photos.

[–] [email protected] 32 points 4 months ago (1 children)

Passwords and lotsa creds. I know an infra engineer who stores all of the keys to the projects he's involved in his message to self Slack. When I asked him about it he told me 'when I found out that the company billed my time 5x my salary to clients I stopped caring' and I was like OK that's fair ¯\_(ツ)_/¯

[–] [email protected] 16 points 4 months ago* (last edited 4 months ago) (1 children)

Depends. Our engineering slack doesn't contain secrets for a few reasons:

  1. Secret scanning
  2. We have a /secret bot that will take your secret, store it securely, and then present a GUI for each person with access to display that secret "for just that person". And then after a set period of time it's made inaccessible, and wiped from the infra.
  3. Training and knowledge transfer on secret security

This has been incredibly effective. Especially the secret bot.

Turns out that the problem with people sharing secrets is just a matter of convenience. If you make a secure way convenient then everyone tends to just use it by default.

[–] [email protected] 3 points 4 months ago (1 children)

"Secret Bot" sounds great!

Custom in-house or off the shelf?

[–] [email protected] 3 points 4 months ago (1 children)
[–] [email protected] 3 points 4 months ago

Thank you. It sounds spectacular and well thought out. You must work with a great team.

[–] [email protected] 9 points 4 months ago

And jokes about meatball Ron