Slack, the company responsible for developing the eponymous chat-based work platform, announced through a blog update on Friday that it had been the victim of a cyber-attack in February, during which hackers could access user profile information in one of its databases.
The company has since blocked unauthorized access to the database, while also releasing two-factor authentication, an extra security measure that has users download an authentication app on their smartphone.
The blog post also offered more specific information about the attack, stating that the exposed database was one that stored information such as names, email addresses, encrypted passwords, mobile numbers and Skype IDs; all of these were accessible to the hackers during the attack. The breach in security lasted about 4 days and happened sometime in February.
The company also said that it had no reason to believe that any of the stored passwords were compromised, because they were protected through hashing. However, as an added security measure, team owners were given a “Password Kill Switch” option, which will automatically reset all user passwords within a team and sign everyone out of their accounts.
According to the post, no payment/financial information was made available to the hackers during the attack. Slack says that it has also provided necessary information about the hack to law enforcement.
However, SecurityScorecard CRO Alex Heid told The Business Insider earlier that user information is still at risk despite the company trying to assure clients that it is not the case. He stated that encryption techniques just make the passwords take longer to crack, and advised all Slack users to immediately change their passwords, both on the app and on any other site on which they use the same password.
The fact that the announcement was made some time after the attack may be linked to the $160 million funding that the company recently got from a number of investors. It is possible that it planned to keep the breach secret, but it had to inform investors of it before receiving the funding.
Earlier this week, another hacking incident affected popular game-streaming service Twitch.tv in a similar way, with profile information becoming available to hackers. Unlike Slack, the Amazon-owned company automatically reset all the passwords of its users.