Slack Resetting Thousands of User Passwords After Learning 2015 Breach Was Worse Than Previously Known

Published by T C on

GIZMODO

Illustration for article titled Slack Resetting Thousands of User Passwords After Learning 2015 Breach Was Worse Than Previously Known
Photo:Getty Images

Slack is resetting roughly 100,000 user passwords for accounts that were active in 2015. The company has only recently learned that an old security breach from four years ago was perhaps worse than previously thought.
The news, first reported byZD Netand confirmed by Slack in an announcement on its website, will only affect about 1 percent of Slack’s 10 million total users. Slack discovered that “unauthorized individuals” had gained access to Slack’s internal infrastructure in 2015 but the company only recently learned the hack may have included some usernames and hashed passwords obtained through malware.

The hackers injected code onto some user computers to capture plaintext passwords in real-timeback in 2015, something that Slack only put together after its bug bounty program recently yielded some usernames and passwords. But Slack says the password resets are merely precautionary.
“We have no reason to believe that any of these accounts were compromised, but we believe that this precaution is worth any inconvenience the reset may cause,” Slack said in a statement posted to itswebsite. “However, we do recognize that this is inconvenient for affected users, and we apologize.”

Slack insists that if you’re among the 99 percent of users who joined the service after March of 2015 your account is fine and your password will not be reset. And if you changed your password since 2015 (which you should have done anyway) then your password is also fine.
If you haven’t set up two-factor authentication yet for Slack, that’s always a good idea, and this is a timely reminder that hackers are going after anything and everything these days. It’s also a good idea to create unique passwords for every account you have across different platforms. People often use the same password everywhere, which means that hackers only need to crack one service and can try the same login credentials everywhere else on the web until they score.

Anyone who believes their account has been impacted and still has questions is encouraged to email Slack directly at security@slack.com .

https://www.javathought.com Disclaimer:
THIS SITE HAS NO AFFILIATION WITH ORACLE, ORACLE’S PRODUCT JAVA.
The text & images for each article were copied from website of the hyperlink located at the bottom link of each article. The views and opinions expressed in this article are not necessarily those of this sites author and do not necessarily reflect the official policy or position of any agency of JT, TC, JAVA THOUGHT.
The opinions expressed in this publication are those of the authors. They do not purport to reflect the opinions or views of JT, TC, JAVA THOUGHT or its members. THE opinions expressed in this article are not necessarily those of this sites author and do not necessarily reflect the official policy or position of any agency of JT, TC, JAVA THOUGHT.
If you have any question or concerns, please email the site admin at: admin@javathought.com . Please allow 10-30 business days for a reply.
https://gizmodo.com/slack-resetting-thousands-of-user-passwords-after-learn-1836492021


0 Comments

This site uses Akismet to reduce spam. Learn how your comment data is processed.