Slack users were unwittingly sharing Slack bot programming code on GitHub. Slack was alerted by security firm Detectify Labs who discovered Slack bots were sharing sensitive company information. Slack has since updated its positions on tokens, telling Detectify We re proactively looking for tokens ourselves now, and reaching out to customers to let them know when we ve disabled tokens and where we found them. We ll deactivate these in the next batch. Our customers security is of paramount importance to us, Slack said.
Source: https://threatpost.com/slack-plugs-token-security-hole/117750/