Access Now

Here’s a portrait of Hell:

It’s 2018. An anonymous hacker finds a way to get access to Slack’s servers and decides to make off with everyone’s chat logs and private messages. Then, that person decides to put it all in a 50 gigabyte .zip file and makes it downloadable on Pastebin. Just like that—probably overnight, and without any warning—every bit of petty shit you’ve ever typed into Slack is now the world’s business.

On Thursday, hacker Frans Rosén found a bug that let him—as well as less well-intentioned folks—log into anybody’s Slack account using a malicious web page. Slack fixed the bug within hours. Will it be handled so quickly next time?

That time you and your coworker gabbed about your boss’s bad breath; the DMs you sent about picking up weed for a Friday night out; all the times you complained or boasted about traffic on your site… Everything could get out there.

I can’t say for sure that this will ever happen, but at this point it’s safe to say that it’s a possibility at the very least.

There’s only one thing to do, I guess: Don’t talk trash on Slack.

Yahoo is sending out warnings to its users that their accounts may have been compromised. Yahoo’s chief information security officer is telling users that forged cookies may have been used to access their accounts between 2015 and 2016.

“Our outside forensic experts have been investigating the creation of forged cookies that could allow an intruder to access users’ accounts without a password,” according to an email obtained by ZDNet. “Based on the ongoing investigation, we believe a forged cookie may have been used in 2015 or 2016 to access your account. We have connected some of the cookie forging activity to the same state-sponsored actor believed to be responsible for the data theft we disclosed on Sept. 22, 2016.”