Slack Resets 1% of Passwords After 2015 Data Breach

New information discovered in the aftermath of Slack’s security breach from March 2015 has prompted the company to reset the passwords of some of its users, according to a July 18 blog post. 

Slack explained that it reset account passwords for 1% of its users. Any users who created their account before March 2015 and haven't since changed their passwords and do not use single sign-on (SSO) will likely have their passwords reset by the company.

“We were recently contacted through our bug bounty program with information about potentially compromised Slack credentials. These types of reports are fairly routine and usually the result of malware or password reuse between services, which we believed to be the case here,” Slack wrote.

Recognizing – and apologizing for – the potential inconvenience, Slack explained, “Today we are resetting passwords for all accounts that were active at the time of the 2015 incident, with the exception of accounts that use SSO or with passwords changed after March 2015. We have no reason to believe that any of these accounts were compromised, but we believe that this precaution is worth any inconvenience the reset may cause.”

The announcement highlights the continued need to educate consumers about proper security hygiene, according to Terence Jackson, chief information security officer at Thycotic.

“We cannot control the situation in which our data will be breached, but what we can do is limit the fallout when it happens. These credentials that were exposed in 2015 are still surfacing. Once the data is out there, it’s out there. Using ..

Support the originator by clicking the read the rest link below.