Users affected by the breach will be contacted directly by Slack. The company recommended that all users enable two-factor authentication.
Yesterday (18 July), Slack announced that it would be changing the passwords for 1pc of accounts, estimated to be around 65,000 users, in response to a data breach that occurred in 2015.
The workplace messaging platform, which stands for Searchable Log of All Conversation and Knowledge, has more than 10m daily users and recently went public on the New York Stock Exchange with a value of $20bn.
In 2015, the company informed users that hackers had gained access to its user profile database and scrambled passwords. The hackers inserted a key-logging code that scraped plaintext passwords as they were entered on the app and website.
Slack now says that it has been contacted through its bug bounty and informed of a list of compromised user passwords. The company suspects that this discovery relates to the 2015 data breach. It has not had any major hacks since then.
Accounts that access Slack through single-sign-on via a company network were not affected. Users who have changed their password since March 2015 were also unaffected.
Slack hasn’t given an exact figure on the number of passwords that were reset, but it did say that approximately 1pc of accounts were affected. ZDNet reported that this amounts to around 65,000 users, while Forbes estimated that 100,000 accounts were affected.
On Slack’s blog, the company wrote: “We have no reason to believe that any of these accounts were compromised, but we believe that this precaution is worth any inconvenience the reset may cause.”
Users affected by the breach will be contacted directly by Slack. The company recommends that all users turn on two-factor authentication if they have not already.
A number of publications including CNN, Forbes and ZDNet reached out to Slack, but the company declined to comment any further on the matter.