Slack apologizes for blocking accounts by mistake

    Last week, a small stir caused the situation with the removal of accounts Slack . Some users began to receive messages from Slack Technologies about US sanctions "to certain countries and regions, such as Cuba, Iran, North Korea, Syria and the Crimea region of Ukraine."

    As stated in the letter, in connection with economic sanctions, the company is forced to close the user account immediately ("closing the account effective immediately").

    It is known that the problem affected not all users from the Crimea, but only some. The study showed that the filtering of “forbidden” accounts by Slack has been going on at least since February 2018 . However, this time the number of banned accounts turned out to be unusually high (see the thread on HN). The situation had a wide response - and in the end Slack had to apologize and recover deleted accounts.

    “Two days ago, we updated our system to apply location information in accordance with US trade embargoes and economic sanctions rules,” a message on the December 21, 2018 Slack corporate blog. “Shortly after the update, we found that we made a number of errors and, through carelessness, deactivated several accounts that weren’t following. We acknowledge the inconvenience caused and sincerely apologize to people affected by our actions. In fact, we also apologize to people whose accounts we intended to disable in order to comply with these rules. We didn’t very well cope with communication and in both cases didn’t meet our own standards of politeness and customer focus. ”

    Thus, Slack does not refuse further ban of accounts, but agrees to restore those that were deleted by mistake.

    “We did not block users based on their nationality or ethnicity. As usual in the enterprise software industry, Slack uses location information, mainly derived from IP addresses, to implement these necessary blocks. We do not collect, do not use and do not possess any information about the nationality or ethnicity of our users, the message says. - We have restored access to the majority of erroneously blocked accounts and are making every effort to restore all remaining users, access to which was blocked by mistake. If you think we made a mistake in blocking your access, contact and we will consider it as soon as possible. ”

    It can be concluded that a massive blocking of accounts is carried out automatically, and the recovery is in manual mode. That is, the recommendations of the affected company Flant remain relevant, which outlined the situation in Habré: it is important to have a backup plan for such situations (for example, special Telegram chats), and “more globally, look again at self-hosted solutions like Mattermost and Rocket.Chat ".

    From a security point of view, it is unacceptable to fully rely in communications on a third-party SaaS solution , over which you have no control. Indeed, besides technical failure, malicious actions by the platform owner are possible, as we have seen in this case.

    “We would also like to notify our users that, as we continue to update our systems over the next few weeks, we will soon begin to block access to our service from the IP addresses associated with the banned country. Users who travel to an authorized country may not have access to Slack as long as they stay in that country. However, we will not deactivate their accounts, and they will be able to access Slack when they return to countries or regions for which blocking is not required - this is the official announcement of further locks from Slack. “We admit that we made a few mistakes here.” Our attempts to comply with these rules were not well implemented. In our communications, we did not treat customers and other users with due respect. And finally, in a hurry, To understand the impact and begin the mitigation process, we were in no hurry to report what was happening. We apologize to all the victims. We will take these failures as lessons that we can use to improve service and avoid similar mistakes in the future. ”

    To summarize, in the future, Slack plans to increase the scale of locks that may affect all users with IP addresses from Iran, Cuba, Crimea, and so on according to the sanction list.

    Also popular now: