Max Krohn, CEO of Keybase, writes about the Slack security incident. I use Slack at work, and in fact started us using it. These security breaches are not surprising, although it’s weird that Slack just received new information about a security breach that took place in 2015.
The cloud is easy, but it’s not secure. You have third-parties attacking for data, but also the unclear motives of the companies holding the data for us (Germany just banned Microsoft, Google and Apple cloud tools from their schools because of data privacy concerns). It’s frustrating because these cloud-based tools are as problematic as they are convenient.
My journey with Slack started when it was a newish product, but as it got bigger, it got more attractive as a target. Unfortunately, once you have people using a tool, it’s tough to move them to someplace else (ie, the Keybase teams tool, which is supposed to be more secure than Slack). With the cloud, you need to be prepared to run to another tool when the current one is inevitably compromised. Of course, I could host something myself, but that’s a lot of work and cost for which I’d never be reimbursed.
Sadly, I don’t have a pithy closer for this. I wrote about these challenges almost 10 years ago and the issues are exactly the same. The cloud is complicated. Use it, but don’t trust it. Change your passwords. And just assume whatever you’re keeping in the cloud is compromised.
Slack Security Incident for Keybase CEO | Keybase blog