Different security standards guide the behavior of personal communication applications and those built for corporate needs. Slack’s comprehensive business solutions face significant security weaknesses because of the third-party extensions they support. The Cybernews team (reported by TechRadar) identified a critical security flaw in Struct Chat, the AI-powered Slack extension, by monitoring private messages sent through the system.
Slack AI Integration Puts Millions at Risk
Struct Chat is a Slack integration built on ChatGPT-based technology that gives users productivity assistance and topic summaries. Its data processing system contains a security flaw that revealed private user information to numerous companies using the service.
The problem originates from a Kafka broker, a data management hub that processes application information in real time. The hub's web service lacks adequate security, which makes it a prime target for hackers because it handles large amounts of classified corporate information.
Unauthorized parties can use the exposed security hole to access the following information:
- Usernames and email addresses
- Private Slack conversations, including all chats that involve the AI bot
- Team names and internal links
- User activity logs and profile update activity
- Device IDs
The exposure of device IDs and real names enables hackers to track users and target them with phishing attacks and corporate espionage.
Slack Security Flaw Still Open for Exploitation
Despite the severity of the problem, the Struct Chat team has not addressed the security weakness. Researchers at Cybernews found the data leak on October 14, 2024, before disclosing it publicly on October 16, 2024. The vulnerability has persisted without remedy because the company behind Struct Chat disregarded all communication requests.
Struct Chat's product descriptions still state that users are safe, even as the vulnerability continues to affect them.
What You Should Do Now
Take immediate action if your company has installed Struct Chat or any AI-powered Slack integration.
- Disable the Struct Chat extension as your first step, and keep it disabled until the reported issue has been fixed.
- Warn employees about the risk of leaked conversations and data exposure.
- Monitor company Slack usage for signs of unauthorized access.
- Report any suspicious activity to IT security teams.
- Be alert to security updates and official statements released by Struct Chat.
The CERT (Computer Emergency Response Team) contacted the organization on December 4th, 2024, for expedited remediation, but the issue has not been resolved yet. Organizations must look for alternative communication options until Struct Chat fixes its security vulnerability.
This exposure underscores the risks of bringing third-party artificial intelligence modules into business applications. AI technology improves productivity, but companies need to monitor unapproved extensions, which could undermine user privacy.
Ethan Cole is a tech aficionado dedicated to exploring the latest innovations and gadgets, providing reviews and insights to keep you updated in the tech world.