Slack resets 65,000 passwords after 2015 hack

19 Jul 2019


Users affected by the breach will be contacted directly by Slack. The company recommended that all users enable two-factor authentication.

Yesterday (18 July), Slack announced that it would be changing the passwords for 1pc of accounts, estimated to be around 65,000 users, in response to a data breach that occurred in 2015.

The workplace messaging platform, whose name stands for Searchable Log of All Conversation and Knowledge, has more than 10m daily users and recently went public on the New York Stock Exchange with a value of $20bn.

In 2015, the company informed users that hackers had gained access to its user profile database and to scrambled passwords. The hackers inserted key-logging code that scraped plaintext passwords as they were entered on the app and website.

Slack now says that it has been contacted through its bug bounty programme and informed of a list of compromised user passwords. The company suspects that this discovery relates to the 2015 data breach. It has not had any major hacks since then.

Accounts that access Slack through single sign-on via a company network were not affected. Users who have changed their password since March 2015 were also unaffected.

Slack hasn’t given an exact figure on the number of passwords that were reset, but it did say that approximately 1pc of accounts were affected. ZDNet reported that this amounts to around 65,000 users, while Forbes estimated that 100,000 accounts were affected.

Precautions

On Slack’s blog, the company wrote: “We have no reason to believe that any of these accounts were compromised, but we believe that this precaution is worth any inconvenience the reset may cause.”

Users affected by the breach will be contacted directly by Slack. The company recommends that all users turn on two-factor authentication if they have not already.

The Verge advised readers to download a complete log of their accounts from Slack’s website if they are concerned that their account has been compromised.

A number of publications including CNN, Forbes and ZDNet reached out to Slack, but the company declined to comment any further on the matter.

Kelly Earley was a journalist with Silicon Republic
