In a "management alert" issued Friday, the GSA IG says 18F’s use of Slack — particularly OAuth 2.0, the authentication protocol used to access other third-party services — potentially allowed unauthorized access to 100 Google Drives, a cloud-based file storage service, in use by GSA. Furthermore, the report says that exposure led to a data breach.
It’s unknown exactly who had access to or what data was stored on those Google Drives. The GSA IG office told FedScoop they could not confirm that any data was actually taken off those services.
In a statement, the IG office said they called the incident a data breach because of the administration's extremely inclusive definition.
'via Blog this'