Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Slack

Slack Vendor Cyber Rating & Cyber Score

slack.com

Slack is on a mission to make people's working lives simpler, more pleasant and more productive. It is the productivity platform for customer companies that improves performance by empowering everyone with no-code automation, making search and knowledge sharing seamless, and keeping teams connected and engaged as they move work forward together. As part of Salesforce, Slack is deeply integrated into the Salesforce Customer 360, supercharging productivity across sales, service and marketing teams. To learn more and get started with Slack for free, visit slack.com or connect with us @SlackHQ. Ensuring a diverse and inclusive workplace where we learn from each other is core to Slack’s values. We welcome people of different backgrounds,


Slack A.I CyberSecurity Scoring

Slack
Company Information
Website:https://slack.com/
Employees number:2,964
Number of followers:1,723,517
NAICS:513
Industry Type:Technology, Information and Internet
Homepage:slack.com
Slack Risk Score (AI oriented)
Between 650 and 699
logo
SlackTechnology, Information and Internet
Updated:
04/05/2026
683/1000
Weak
B
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
Slack Global Score (TPRM)
xxxx
logo
SlackTechnology, Information and Internet
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

Slack
SlackWeak
Current Score
683B (WEAK)
01000
4 incidents
-41.5 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
689Before Incident
JUNE 2026
687Before Incident
MAY 2026
683Before Incident
APRIL 2026
682Before Incident
MARCH 2026
759Before Incident
Breach
20 Mar 2026Slack
Notion, Slack, Google, Zoom, Nikkei and Workday: Your work apps are quietly handing 19 data points to someone

Workplace Apps Collect Extensive User Data, Raising Privacy and Security Concerns

680After Incident
CRITICAL-79
WORNOTGOOZOONIKTIN1777868873
Workplace Apps Collect Extensive User Data, Raising Privacy and Security Concerns A recent study by Incogni, analyzing data from the Google Play Store as of March 20, 2026, reveals that ten widely used workplace apps including Gmail, Microsoft Teams, Zoom Workplace, Slack, and Notion collect an average of 19 data points per app, with some sharing sensitive information with third parties. These apps, cumulatively downloaded over 12.5 billion times, are integral to U.S. corporate operations but pose significant privacy and security risks. Data Collection and Sharing Practices Gmail leads in data harvesting, collecting 26 distinct data types, including approximate location, app interactions, and user IDs for advertising. Microsoft Teams and Zoom Workplace follow closely, with 25 and 23 data types, respectively both uniquely gathering precise location data. Six of the ten apps, including Slack, Notion, and Zoom Workplace, use collected data for marketing, with Slack, Todoist, and Notion specifically harvesting employee email addresses for this purpose. Notion stands out for its outbound data flow, sharing eight data types such as email addresses, names, and device IDs with third parties, including advertising partners. The app’s privacy policy permits tracking tools on user browsers, raising concerns over the exposure of sensitive workspace content like HR records and client data. Regulatory scrutiny has intensified, particularly after the EU’s Data Protection Board tightened GDPR requirements in December 2024 regarding personal data use in AI training, directly impacting Notion’s third-party model integrations. Security Vulnerabilities and Breach History Most apps in the study have a history of breaches. In January 2026, a 96-gigabyte database containing 149 million login credentials 48 million tied to Gmail was exposed, attributed to infostealer malware on user devices. Slack suffered a November 2025 breach where attackers used stolen credentials to access accounts of over 17,000 Nikkei employees, exposing names, emails, and chat histories. Trello, Zoom, and Microsoft products have also faced incidents, with Trello data appearing for sale in January 2024. Workday is the only app in the analysis without a user data deletion option, despite holding employment records and payroll details. In August 2025, the platform confirmed two breaches linked to its Salesforce CRM, where attackers obtained business contact information as part of a ShinyHunters social engineering campaign. BYOD Risks and Platform Disparities Many employees install these apps on personal devices, exposing contact details, financial data, and location information to advertising networks or corporate administrators. Slack, for example, lacks end-to-end encryption, allowing workspace owners to access direct messages and private channels. While the study focuses on Google Play data, Incogni notes that iOS disclosures may differ, though past comparisons suggest similar privacy practices across platforms. The findings highlight the trade-offs between workplace productivity and data exposure, with recurring breaches and extensive tracking underscoring the risks of integrating these tools into daily operations.
INCIDENT DETAILS -
TYPE
Data CollectionPrivacy ViolationData Breach
MOTIVATION
Data Harvesting for AdvertisingFinancial GainEspionage
IMPACT
Login CredentialsEmail AddressesNamesChat HistoriesEmployment RecordsPayroll DetailsDevice IDsLocation DataGmailMicrosoft TeamsZoom WorkplaceSlackNotionTrelloWorkdayOperational Impact: Exposure of sensitive workspace content and corporate dataBrand Reputation Impact: Increased regulatory scrutiny and loss of user trustGDPR ViolationsPotential FinesIdentity Theft Risk: High
DATA BREACH
Login CredentialsEmail AddressesNamesChat HistoriesEmployment RecordsPayroll DetailsDevice IDsLocation Data149 million (Gmail-related)17,000 (Slack)Sensitivity Of Data: HighData Exfiltration: YesData Encryption: Lacking in some cases (e.g., Slack)Email AddressesNamesEmployment RecordsPayroll Details
FEBRUARY 2026
758Before Incident
JANUARY 2026
757Before Incident
DECEMBER 2025
756Before Incident
NOVEMBER 2025
764Before Incident
OCTOBER 2025
759Before Incident
Vulnerability
28 Oct 2025Slack
Slack

Slack Wikipedia Link Rendering Glitch Enables Malware Distribution

755After Incident
MEDIUM-4
TIN0344703102825
Cybersecurity researchers uncovered a vulnerability in Slack’s link-rendering mechanism, where improper spacing between punctuation and text (e.g., `face.book`) could be exploited to generate deceptive hyperlinks. Attackers manipulated Wikipedia articles by inserting maliciously formatted footnotes, tricking Slack into displaying fake links in preview panes. These links, when clicked, redirected victims to malware-hosting sites. Over 1,000 Wikipedia pages were identified as potential vectors. The attack required prior access to a victim’s Slack workspace (e.g., via compromised accounts) and relied on social engineering to lure clicks. While no direct data breaches or financial losses were confirmed, the flaw exposed users to phishing and malware risks, undermining trust in Slack’s platform security. The issue also highlighted broader concerns about Slack’s third-party app integration policies, which could amplify attack surfaces. No evidence suggested large-scale exploitation, but the method’s simplicity and reliance on trusted sources (Wikipedia) increased its potential effectiveness.
INCIDENT DETAILS -
TYPE
Vulnerability ExploitationSocial EngineeringMalware Distribution
MOTIVATION
Malware DistributionCredential TheftExploiting Trust in Authoritative Sources
IMPACT
Slack WorkspacesUser Endpoints (via Malware)Potential erosion of trust in Slack's securityExploitation of Wikipedia's perceived authorityIdentity Theft Risk: High (if malware includes keyloggers or info-stealers)
SEPTEMBER 2025
758Before Incident
AUGUST 2025
757Before Incident
JUNE 2024
760Before Incident
Cyber Attack
01 Jun 2024Slack
Context.ai, OpenAI, Slack and GCP: The Vercel Breach: OAuth Supply Chain Attack Exposes the Hidden Risk in Platform Environment Variables

Multi-Stage OAuth-Based Attack Chain Targeting Organizations

744After Incident
CRITICAL-16
GCPTINOPETHE1776717501
Cybersecurity Alert: Detection Logic for a Multi-Stage OAuth-Based Attack Chain A recent cybersecurity advisory outlines detection strategies for a sophisticated attack chain targeting organizations via compromised OAuth applications, internal system access, and credential abuse. The threat actors exploited a known-bad OAuth Client ID (110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com) linked to the Context.ai application, enabling unauthorized access to Google Workspace environments. ### Key Attack Stages & Detection Patterns 1. OAuth Application Anomalies (Stages 1–2) - Token Abuse: Alerts should trigger on token refresh/authorization events tied to the compromised Client ID. - Over-Permissioned Apps: Review OAuth apps with broad scopes (e.g., full mail/Drive access) and revoke unused or unauthorized applications. - Token Theft Indicators: Flag token usage from IPs outside expected corporate or vendor CIDR ranges. 2. Internal System Access & Lateral Movement (Stage 3) - SSO/SAML Anomalies: Monitor identity provider logs for suspicious authentication (e.g., unfamiliar IPs, geolocations, or first-time access to internal tools like Vercel, CI/CD platforms). - Credential Harvesting: Detect bulk email searches (e.g., "API key," "secret," "password") and unusual Drive file access (e.g., credential stores, engineering docs). - OAuth-Connected Tool Abuse: Track downstream services (Slack, Jira, GitHub) for off-hours or anomalous API activity tied to compromised accounts. - Privilege Escalation: Watch for unauthorized permission requests, group membership changes, or admin console access. 3. Environment Variable Enumeration (Stage 4) - Vercel Audit Logs: Baseline normal deployment activity to detect unusual environment variable access (e.g., high-volume reads, user-driven queries instead of service accounts). 4. Downstream Credential Abuse (Stage 5) - Exposed Credentials (June 2024–April 2026): Audit logs (AWS CloudTrail, GCP/Azure audit logs, SaaS APIs) for usage from unexpected IPs or inactive time windows. - Immediate Response: Rotate compromised credentials and investigate attacker actions. 5. Third-Party Leak Notifications - Automated Alerts: Monitor leaked-credential notifications from GitHub, AWS, OpenAI, Stripe, and other providers treating platform-specific leaks as potential compromise indicators. ### Impact & Scope The attack chain highlights risks from OAuth abuse, lateral movement via trusted identities, and credential theft from deployment platforms. Organizations are advised to implement SIEM detection rules (Sigma, Splunk, KQL, etc.) tailored to their log schemas to identify and mitigate these threats. The exposure window for affected credentials spans June 2024 to April 2026, emphasizing the need for proactive monitoring.
INCIDENT DETAILS -
TYPE
OAuth Abuse, Credential Theft, Lateral Movement
IMPACT
Data Compromised: Environment variables, credentials, internal documents, API keys, secrets, passwordsSystems Affected: Google Workspace, Vercel, CI/CD platforms, Slack, Jira, GitHub, AWS, GCP, Azure, SaaS APIsOperational Impact: Unauthorized access to internal tools, potential data exfiltration, credential abuseIdentity Theft Risk: High (Personally Identifiable Information exposure risk)
DATA BREACH
Type Of Data Compromised: Credentials, API keys, secrets, environment variables, internal documentsSensitivity Of Data: High (credentials, PII, proprietary information)Personally Identifiable Information: Potential (depends on compromised data)
JUNE 2022
802Before Incident
Breach
16 Jun 2022Slack
Slack

Slack GitHub Code Repository Breach

742After Incident
CRITICAL-60
SLA1946123
Slack suffered a security incident that affected some of its private GitHub code repositories. The immensely popular Salesforce-owned IM app is used by an estimated 18 million users at workplaces and digital communities around the world. The breach happened on December 31st, 2022. The threat actors gained access to Slack's externally hosted GitHub repositories via a limited number of Slack employee tokens that were stolen.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
Private GitHub Code Repositories
DATA BREACH
Private GitHub Code Repositories

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for Slack ?
?
What was Slack's A.I Rankiteo Cyber Score in June 2026 ?
?
What was Slack's A.I Rankiteo Cyber Score in May 2026 ?
?
What was Slack's A.I Rankiteo Cyber Score in April 2026 ?
?
What was Slack's A.I Rankiteo Cyber Score in March 2026 ?
?
What was Slack's A.I Rankiteo Cyber Score in February 2026 ?
?
What was Slack's A.I Rankiteo Cyber Score in January 2026 ?
?
What was Slack's A.I Rankiteo Cyber Score in December 2025 ?
?
What was Slack's A.I Rankiteo Cyber Score in November 2025 ?
?
What was Slack's A.I Rankiteo Cyber Score in October 2025 ?
?
What was Slack's A.I Rankiteo Cyber Score in September 2025 ?
?
What was Slack's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on Slack's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with Slack ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view Slack's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?
Slack Cyber Scoring History | Rankiteo