728 x 90

Slack resets thousands of user passwords following 2015 data breach

Slack resets thousands of user passwords following 2015 data breach

Some might say the company has been, er slacking in the security department WORKPLACE CHAT OUTFIT Slack is resetting the passwords of thousands of users who had their details compromised in a 2015 data breach. Back in March 2015, Slack admitted that hackers had gained unauthorized access to a database storing user profile information, including

Slack resets thousands of user passwords following 2015 data breach

Some might say the company has been, er slacking in the security department

WORKPLACE CHAT OUTFIT Slack is resetting the passwords of thousands of users who had their details compromised in a 2015 data breach.

Back in March 2015, Slack admitted that hackers had gained unauthorized access to a database storing user profile information, including user names, email addresses and one-way encrypted passwords. 

At the time, the company said that it had “no indication” that the hackers were able to decrypt stored passwords, though noted that we detected suspicious activity affecting “a very small number of Slack accounts.”

However, the firm this week admitted that it has learned through its bug bounty program that a collection of user email addresses and password combinations had been compromised, which it has linked to since linked to the 2015 breach. 

Any users who created their account before this March 2016 who have not changed their passwords since and who do not use single-sign-on can expect to have their passwords reset by the company. Slack says about one per cent of its customers are affected, which ZDNet claims amounts to around 65,000 users.    

“We have no reason to believe that any of these accounts were compromised, but we believe that this precaution is worth any inconvenience the reset may cause,” Slack said. “However, we do recognize that this is inconvenient for affected users, and we apologize.

Slack said the security incident does not apply to “the approximately 99 per cent who joined Slack after March 2015” or those who changed their password since.

“This may be the result of malware installed on a computer you’ve used to sign in to Slack or your credentials being reused from a previous breach of a third party, such as those listed on sites like haveibeenpwned.com,” reads a draft of the message the company intends to send impacted customers, seen by ZDNet. µ

Further reading



Source link

Susan E. Lopez
ADMINISTRATOR
PROFILE

Posts Carousel

Leave a Comment

Your email address will not be published. Required fields are marked with *

Latest Posts

Top Authors

Most Commented

Featured Videos