Slack response. Passwords reset four years after data breach

In March 2015, Slack announced that it had been hacked the previous month, and that a central user database holding “usernames, email addresses, and one-way encrypted (‘hashed’) passwords” had been accessed. In some instances, phone numbers and Skype IDs were also exposed.


Slack said that it had “no indication that the hackers were able to decrypt stored passwords”.


At the time I questioned whether Slack had really announced the breach as speedily as it claimed (“as soon as we could confirm the details and as fast as we could type”), and criticised a lack of transparency in the company’s timeline of what had occurred.


One of my suspicions was that Slack delayed the announcement to coincide with its support of two-factor authentication, allowing users to better harden their account security but also softening the blow to the company’s image.



Many people have probably forgotten about the 2015 Slack data breach, but what we thought was an old story is now making headlines again because yesterday – over four years after the hack – the service made a new announcement.



“In response to new information about our 2015 security incident, we are resetting passwords for approximately 1% of Slack accounts.”



Slack says that in 2015 it reset the passwords for the “small number of Slack users” it confirmed had been affected by the hack. However, it has now decided to reset passwords “for all accounts that were active at the time of the 2015 incident, with the exception of accounts that use SSO or with passwords cha ..
