Slack Just Fixed a Major Security Bug

March 2, 2017, 11:43 PM UTC
Stewart Butterfield, co-founder and chief executive officer of Slack, speaks during a Bloomberg West Television interview in San Francisco, California, U.S., on Wednesday, Nov. 12, 2014. Slack, a software service company helping teams of co-workers to converse, work on projects together, and share links, pictures and more in real time, recently raised $120 million and is now valued at $1.12 billion. Photographer: David Paul Morris/Bloomberg via Getty Images

Slack just averted what could have been a big disaster for its users.

The work-and-chat startup said Thursday that it fixed a security bug that, if exploited, could have let criminals read people’s private chats and communications. Fortune is a customer of Slack.

An altruistic hacker, Frans Rosén, reported the bug to Slack, which fixed it roughly five hours later. Slack paid Rosén $3,000 for spotting and reporting the error, Rosén said.

After fixing the bug, Slack said that it “performed a thorough investigation to confirm that this had never been exploited.”

As tech news website ZDNet explains, Rosén discovered a way to steal user security tokens, which are essentially used to dole out access to the appropriate Slack accounts.

Once Rosén obtained the tokens, he could log into different Slack accounts and trick the system into believing he was a sanctioned user.

Rosén reported the error on the bug-reporting service of cybersecurity startup HackerOne, and wrote a detailed technical account of how he was able to exploit the security bug.

Rosén’s effort to help Slack is an example of how companies use so-called bug bounty programs to reward honest hackers who spot security problems before criminals can exploit them.

For example, Google (GOOG) said in February that it gave $3 million to good-guy hackers in 2016 for discovering security vulnerabilities in its various products and services.
