Roughly 100,000 Slack users are getting their password reset and will have to choose a new one.
The reason? During the data breach the company suffered in 2015, the attackers have apparently not only accessed a database with user profile information and “irreversibly encrypted” passwords, but have also “inserted code that allowed them to capture plaintext passwords as they were entered by users at the time.”
What happened in 2015?
Unknown attackers gained access to a Slack database storing user profile information, including hashed and salted passwords.
At the time, Slack said that they’ve detected suspicious activity affecting “a very small number of Slack accounts.”
Those account owners were notified, some password resets forced, and Slack made available two-factor authentication and a “password kill switch” for team owners, which allows them to reset passwords ..
Support the originator by clicking the read the rest link below.
