Leaked by Default: Cloud Buckets, Slack Bots & Overshared Screens
Public Cloud Buckets Are Being Re-Indexed via AI Search Crawlers
AI-driven web crawlers are discovering misconfigured AWS/GCP buckets that previously relied on “security through obscurity.” Even minor indexing now leads to instant exposure.
Enforce private-by-default storage policies. Set up continuous external scanning to match how attackers discover exposed assets.
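One way to check the private-by-default recommendation above offline; this is an added example, not part of the original newsletter. The dict layout (keys `PublicAccessBlock`, `Acl`, `Policy`), the bucket names and the account ID are assumptions made for illustration, with field names inside them following the S3 public access block, ACL and bucket policy formats.

```python
# Added example: offline audit of exported S3 bucket settings (hypothetical dict layout).
_GROUP = "http://acs.amazonaws.com/groups/global/"
PUBLIC_GROUPS = {_GROUP + "AllUsers", _GROUP + "AuthenticatedUsers"}
PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _wildcard_principal(stmt):
    principal = stmt.get("Principal")
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return principal == "*"

def audit_bucket(cfg):
    """Return {'exposed': bool, 'findings': [...]} for one bucket's exported settings."""
    pab = cfg.get("PublicAccessBlock") or {}
    findings = [f"{key} is not enabled" for key in PAB_KEYS if not pab.get(key)]
    public_acl = [g["Permission"] for g in (cfg.get("Acl") or {}).get("Grants", [])
                  if g.get("Grantee", {}).get("URI") in PUBLIC_GROUPS]
    # Simplification: any Condition is treated as restricting the statement.
    public_stmts = [s for s in _as_list((cfg.get("Policy") or {}).get("Statement", []))
                    if s.get("Effect") == "Allow" and _wildcard_principal(s)
                    and not s.get("Condition")]
    if public_acl:
        findings.append("ACL grants to a global group: " + ", ".join(public_acl))
    if public_stmts:
        findings.append(f"{len(public_stmts)} policy statement(s) allow any principal")
    # A public grant is only reachable when the matching block setting is off.
    exposed = bool((public_acl and not pab.get("IgnorePublicAcls"))
                   or (public_stmts and not pab.get("RestrictPublicBuckets")))
    return {"exposed": exposed, "findings": findings}

# Constructed sample data; bucket names and the account ID are placeholders.
_OPEN_STMT = {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
              "Resource": "arn:aws:s3:::example-open/*"}
_ALL_ON = dict.fromkeys(PAB_KEYS, True)
SAMPLE = {
    "example-open": {"PublicAccessBlock": None, "Policy": {"Statement": [_OPEN_STMT]},
                     "Acl": {"Grants": [{"Permission": "READ", "Grantee": {
                         "Type": "Group", "URI": _GROUP + "AllUsers"}}]}},
    "example-guarded": {"PublicAccessBlock": _ALL_ON, "Policy": {"Statement": _OPEN_STMT}},
    "example-locked": {"PublicAccessBlock": _ALL_ON, "Acl": {"Grants": []}, "Policy": {
        "Statement": [{"Effect": "Allow", "Action": "s3:GetObject",
                       "Principal": {"AWS": "arn:aws:iam::111122223333:role/app"}}]}},
}

if __name__ == "__main__":
    for name, cfg in SAMPLE.items():
        print(name, audit_bucket(cfg))
```

The `example-guarded` case shows why the findings list matters even when `exposed` is false: the public policy statement is still attached and becomes reachable the moment the block setting is turned off.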
Screen-Sharing Defaults Are Still Causing Unintended Exposure
Platforms like Zoom and Google Meet often default to “entire screen,” which leaks dashboards, password managers, and other windows when the shared view changes quickly.
Train for “window-only” sharing. Apply endpoint-based warnings when sensitive apps are visible during an active share.
Slack App Tokens Are Being Traded in Forums
Compromised Slack bots and app tokens are showing up in credential marketplaces, offering attackers persistent access to sensitive internal channels.
Rotate Slack tokens on schedule. Use granular bot scopes and disable legacy token formats across your workspace.
Device Names Are Revealing Org Structures
Laptop names like “finance-lisa-macbook” or “legal-vp-raj” are being harvested in Wi-Fi scans and help desk requests—revealing department hierarchies to attackers.
Standardize anonymized device naming conventions. Remove department/role references from MDM labels and endpoint registries.
Phishing Kits Are Now Targeting Status Pages
Attackers are spoofing SaaS vendor status pages (e.g., Okta, Atlassian, GCP) to trick users into reauthenticating during “maintenance” events—harvesting tokens.
Train users to verify status URLs. Bookmark trusted status pages and warn against reauthenticating inside these flows.
Broken Alert Routing Leaves No One Responsible
In many orgs, alerts route to email lists that no longer exist or to teams who’ve changed roles—resulting in ownership gaps and missed escalations.
Map alert types to response owners quarterly. Auto-escalate stale alerts and embed ownership metadata in every rule.

