Slack had the database which stores user profile information accessed without authorization, and to ensure account security they have rolled out two-factor authorization for all accounts. A very small number of accounts were found to be affected by suspicious activity, and Slack has already reached out to those users.
In addition to rolling out two-factor authorization, Slack has put a "Password Kill Switch" in place for team owners. The kill switch will allow team owners to force a termination of all sessions, and require all passwords to be reset with just one button.
The new security measures show that Slack takes this all very serious. Slack did share some information about the attack:
- Slack maintains a central user database which includes user names, email addresses, and one-way encrypted ("hashed") passwords. In addition, this database contains information that users may have optionally added to their profiles such as phone number and Skype ID.
- Information contained in this user database was accessible to the hackers during this incident.
- We have no indication that the hackers were able to decrypt stored passwords, as Slack uses a one-way encryption technique called hashing.
- Slack's hashing function is bcrypt with a randomly generated salt per-password which makes it computationally infeasible that your password could be recreated from the hashed form.
- Our investigation, which remains ongoing, has revealed that this unauthorized access took place during a period of approximately 4 days in February.
- No financial or payment information was accessed or compromised in this attack.
Slack urges that users enable two-factor authorization on their account, and they have laid out very simple instructions of how to do so.
We may earn a commission for purchases using our links. Learn more.
A Reddit hack has plastered popular subreddits with pro-Trump messages
Reddit is investigating a series of vandalized communities which have been plastered with pro-Trump messages. Compromised moderators may be the source of the attacks.
Go beyond the Wall in Apple Arcade's Game of Thrones: Tale of Crows
"Game of Thrones" fans can now explore the lands beyond the Wall on their iPhone, iPad, Mac, and Apple TV.
Review: The Porsche Taycan can stream Apple Music, no phone or data needed
The 2020 Porsche Taycan is a sweet ride, but it's also the first to fully integrate Apple Music into its own infotainment system — without your phone or data.
Train insane with the best fitness trackers for triathletes
These fitness trackers are the cream of the crop when it comes to health and fitness tracking for triathlon training. Which tracker will you need? Here's what our research shows.