Slack resets 65,000 passwords after 2015 hack

19 Jul 2019149 Views

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Image: © Blue Planet Studio/Stock.adobe.com

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Users affected by the breach will be contacted directly by Slack. The company recommended that all users enable two-factor authentication.

Yesterday (18 July), Slack announced that it would be changing the passwords for 1pc of accounts, estimated to be around 65,000 users, in response to a data breach that occurred in 2015.

The workplace messaging platform, which stands for Searchable Log of All Conversation and Knowledge, has more than 10m daily users and recently went public on the New York Stock Exchange with a value of $20bn.

In 2015, the company informed users that hackers had gained access to its user profile database and scrambled passwords. The hackers inserted a key-logging code that scraped plaintext passwords as they were entered on the app and website.

Slack now says that it has been contacted through its bug bounty and informed of a list of compromised user passwords. The company suspects that this discovery relates to the 2015 data breach. It has not had any major hacks since then.

Accounts that access Slack through single-sign-on via a company network were not affected. Users who have changed their password since March 2015 were also unaffected.

Slack hasn’t given an exact figure on the number of passwords that were reset, but it did say that approximately 1pc of accounts were affected. ZDNet reported that this amounts to around 65,000 users, while Forbes estimated that 100,000 accounts were affected.

Precautions

On Slack’s blog, the company wrote: “We have no reason to believe that any of these accounts were compromised, but we believe that this precaution is worth any inconvenience the reset may cause.”

Users affected by the breach will be contacted directly by Slack. The company recommends that all users turn on two-factor authentication if they have not already.

The Verge advised readers to download a complete log of their accounts from Slack’s website if they are concerned that their account has been compromised.

A number of publications including CNN, Forbes and ZDNet reached out to Slack, but the company declined to comment any further on the matter.

Kelly Earley is a journalist with Siliconrepublic.com

editorial@siliconrepublic.com