Slack data breach took place in 2015 but the company became aware of the incident recently through its bug bounty program.
Slack has suffered a data breach in which thousands of users have been affected. As a result, the company is resetting passwords of thousands of impacted users.
The data breach took place back in 2015 but the company recently became aware of the incident in which unknown hackers managed to steal database containing profile related information of Slack users including usernames, email addresses, and encrypted passwords.
However, hackers inserted malicious code to extract plaintext passwords which were entered by users at the time of the breach.
Slack further revealed that it became aware of the data breach through its bug bounty program after someone contacted the company with a list of its users’ emails and passwords. Slack claims that the list belongs to 2015 data breach.
In a security notice, Slack acknowledged the breach and stated that only a handful of users were impacted. This includes those who created their account before March 2015, those who did not change their passwords since and those who do not use single-sign-on.
Slack further maintains that the data breach does not apply to “the approximately 99 percent who joined Slack after March 2015” or those who have changed their password since the incident.
“We are resetting passwords for approximately 1% of Slack accounts […] In other words, if you’re one of the approximately 99% who joined Slack after March 2015 or changed your password since then, this announcement does not apply to you,” wrote Slack Team.