Slack announced it is resetting passwords for accounts belonging to users that have not secured them after the data breach suffered by the company in 2015.
“In response to new information about our 2015 security incident (explained here at the time), we are resetting passwords for approximately 1% of Slack accounts.” reads the announcement published by the company.
“This announcement affects you only if you
The hackers also injected malicious code in the systems of the company to steal
Immediately after the discovery of the data breach, Slack reset the passwords for a limited number of users impacted by the incident. The company also recommended remaining users to change the password and enable 2FA.
Recently Slack discovered through its bug bounty program that credentials of other users might have been compromised. According to the company, attackers could have obtained them via malware or a third-party hack.
“We were recently contacted through our bug bounty program with information about potentially compromised Slack credentials. These types of reports are fairly routine and usually the result of malware or password re-use between services, which we believed to be the case here.” continues the announcement. “We immediately confirmed that a portion of the email addresses and password combinations were valid, reset those passwords, and explained our actions to the affected users.”
Slack has reset the passwords of these users and sent them notifications.
“We were recently notified that your sign-in credentials (email address and password) for your xxxxx account on xxxxxx.slack.com were discovered as being in the possession of an unauthorized individual.” reads the notification. “This may be the result of malware installed on a
Slack is still investigating the latest incident and will share more information after it will be completed.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.