Slack announced it is resetting passwords for accounts belonging to users who have not secured them since the data breach the company suffered in 2015.
“In response to new information about our 2015 security incident (explained here at the time), we are resetting passwords for approximately 1% of Slack accounts.” reads the announcement published by the company.
“This announcement affects you only if you
The hackers also injected malicious code in the systems of the company to steal
Immediately after the discovery of the data breach, Slack reset the passwords for a limited number of users impacted by the incident. The company also recommended that the remaining users change their passwords and enable 2FA.
Recently Slack discovered through its bug bounty program that credentials of other users might have been compromised. According to the company, attackers could have obtained them via malware or a third-party hack.
“We were recently contacted through our bug bounty program with information about potentially compromised Slack credentials. These types of reports are fairly routine and usually the result of malware or password re-use between services, which we believed to be the case here.” continues the announcement. “We immediately confirmed that a portion of the email addresses and password combinations were valid, reset those passwords, and explained our actions to the affected users.”
Slack has reset the passwords of these users and sent them notifications.
“We were recently notified that your sign-in credentials (email address and password) for your xxxxx account on xxxxxx.slack.com were discovered as being in the possession of an unauthorized individual.” reads the notification. “This may be the result of malware installed on a
Slack is still investigating the latest incident and will share more information once the investigation is completed.