19 Jul

Password reset for thousands of Slack users after a data breach

 

Popular messaging service Slack is to reset the user passwords for thousands of customers after a historic data breach.

Around one percent of all Slack users are thought to be affected by the attack – equivalent to over 65,000 customers.

Slack, which stands for the Searchable Log of All Conversation and Knowledge, has more than 10 million daily users.

The company was recently valued at over $20bn and claims to have 10 million active daily users worldwide. Customers include 21st Century Fox, the BBC and Lyft.

Password

The company confirmed it will reset the passwords of users it believes could be affected by the cyberattack which happened in 2015.

Slack said it was resetting the passwords after an investigation revealed that stolen credentials were being sold online. These included customer profiles, hashed passwords and some passwords in clear text.

Hackers

Hackers gained access to its user profile database four years ago and this included access to the scrambled user passwords.

The attackers were able to insert code to log passwords in plain text as they were typed.

The company became aware of the attack after being contacted recently through its bug bounty program about a list of allegedly compromised Slack account passwords.

The stolen account information was originally thought to be the result of isolated malware infections or phishing operations.

However, after investigating, the usernames and passwords were found to have been lifted from the historic cyber-attack.

Slack was quick to reset passwords of users that were confirmed to have been impacted by the ensuing investigation.

The company now says it will be resetting passwords for another 100,000 users in response to “new information” about that hack.

Slack recently added several security upgrades, including the launch of Enterprise Key Management to give an added layer of protection. The new service will allow businesses admins full control over the encryption keys used to encrypt the files and messages within their Slack workspace.

Slack is used by businesses as it can replace email, text messaging, and instant messaging for their staff.

There are both desktop and mobile versions and users can collaborate and coordinate their work no matter whether they are in the office or remotely.

 Disclosure

Slack confirmed in a recent disclosure notice that it had recently received details of potentially compromised user credentials.

However, as more information became available and our investigation continued,” the notice explained, “we determined that the majority of compromised credentials were from accounts that logged in to Slack during the 2015 security incident.”

Slack maintains that the majority of users did not need to have their accounts reset.

The only users at risk were people who began using Slack before February of 2015 who did not reset their passwords after the cyberattack took place. And those who did not implement two-factor authentication on their accounts.

 

BENEFITS

  • Feature
    No set up fee
  • Feature
    Maintain compliance
  • Feature
    Save time and resources
  • Feature
    Certified GDPR experts
  • Feature
    Protect your reputation
  • Feature
    Protect your business
THE COMBINATION OF GDPR CERTIFIED SPECIALISTS AND COMPLIANCE EXPERTS, BACKED BY OUR PROPRIETARY iCaaS SOFTWARE PLATFORM DELIVERS THE MOST EFFECTIVE GDPR COMPLIANCE, ANYWHERE.
Photo

Get in
Touch

ADDRESS

4 Elmwood, Chineham Park,
Basingstoke, RG24 8WG

CONNECT WITH US