My security team is worried about allowing customers to send us image files in messenger. Is this a valid concern? Is there a way to get malware through messenger? Is anyone here restricting your file uploads?
This is my third company that I've been at that uses intercom, and I've never heard this concern expressed before. So while I don't want to dismiss it, the documentation feels pretty clear about how safe this is. Plus, I need customers to be able to send us screenshots.
Thanks in advance.
Best answer by Paul B12
Hey
To reassure your security team: Intercom takes file upload security seriously, especially for images and attachments shared through the Messenger. When a customer sends a file (like a screenshot), Intercom scans it for potential threats and stores it securely. We restrict executable file types (like .exe, .bat, etc.) from being uploaded entirely, and known malware types are blocked automatically.
Images and common file types (like PNG, JPG, PDF) are allowed, but Intercom blocks potentially dangerous formats.
Uploaded files are scanned and served securely via Intercom’s CDN.
You can’t run or execute any uploaded file directly from Messenger they’re just attachments, not active content.
There’s no way for a customer to inject or execute malware via image uploads in Messenger.
Let me know if you'd like to explore restricting certain file types or setting up a workflow to review incoming files happy to help find the right balance between usability and security!
+2Hey
To reassure your security team: Intercom takes file upload security seriously, especially for images and attachments shared through the Messenger. When a customer sends a file (like a screenshot), Intercom scans it for potential threats and stores it securely. We restrict executable file types (like .exe, .bat, etc.) from being uploaded entirely, and known malware types are blocked automatically.
Images and common file types (like PNG, JPG, PDF) are allowed, but Intercom blocks potentially dangerous formats.
Uploaded files are scanned and served securely via Intercom’s CDN.
You can’t run or execute any uploaded file directly from Messenger they’re just attachments, not active content.
There’s no way for a customer to inject or execute malware via image uploads in Messenger.
Let me know if you'd like to explore restricting certain file types or setting up a workflow to review incoming files happy to help find the right balance between usability and security!
Already have an account? Login
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
