Four Years After Hack Attack, Slack Resets User Passwords

“For its part, Slack has taken the opportunity to further promote the use of post-password security measures, asserting in its email, ‘We recommend using two-factor authentication with every service that provides it, including Slack, for an extra layer of security.'”

Four years after a major hack attack, the business-focused instant messaging platform Slack is taking corrective measures to ensure that its user data is protected.

The 2015 hack attack is old news, with Slack having disclosed it shortly after becoming aware of it. Hackers had breached Slack’s user database, gaining access to sensitive information including scrambled passwords, and inserting code to scrape more passwords as users entered them.

Now, Slack has informed certain users that its has been informed through its bug bounty program that some users who haven’t changed their passwords since March of 2015 may still be vulnerable to security risks, and that it has gone ahead with a fix.

“We have no reason to believe any accounts in your workspace were affected; we have no evidence that any password was compromised for any members of your team,” the company wrote in its email to users. “However, out of an abundance of caution, we’ve decided to reset all passwords that have not been changed since March of 2015.”

It’s just the latest sign of the persistent threat of data breaches, and the potentially damaging effects that such incidents can wreak to victim companies even after the dust seemed to have settled. For its part, Slack has taken the opportunity to further promote the use of post-password security measures, asserting in its email, “We recommend using two-factor authentication with every service that provides it, including Slack, for an extra layer of security.” It’s advice that has an increasingly resonant ring with each new disclosure about hack attacks and data breaches.

Source: TechCrunch