Roughly 100,000 Slack users are getting their password reset and will have to choose a new one.
The reason? During the data breach the company suffered in 2015, the attackers have apparently not only accessed a database with user profile information and “irreversibly encrypted” passwords, but have also “inserted code that allowed them to capture plaintext passwords as they were entered by users at the time.”
What happened in 2015?
Unknown attackers gained access to a Slack database storing user profile information, including hashed and salted passwords.