Slack has begun sending users e-mails telling them that their passwords were reset because the company's 2015 security incident affected them. Slack said that this affects only 1% of its users.
In 2015, Slack was hacked. An unauthorized user was able to gain access to its infrastructure, including a database with hashed passwords. The attackers also injected a script to capture passwords in plain text as users logged in to their workspaces.
“In 2015, unauthorized individuals gained access to some Slack infrastructure, including a database that stored user profile information including usernames and irreversibly encrypted, or “hashed,” passwords. The attackers also inserted code that allowed them to capture plaintext passwords as they were entered by users at the time.”
After the incident, Slack reset the passwords of the users it could identify and encouraged the others to reset theirs.
In a security notice published today, Slack said it had been contacted through its bug bounty program by a researcher about potentially compromised accounts.
Following an investigation, all these accounts were found to have been active and logged in during the 2015 security incident.
To be sure, Slack decided to reset passwords for all accounts that match the following criteria:
You created your account before March 2015 AND you have not changed your password since AND your account does not require logging in via a single sign-on (SSO) provider.
This affects only 1% of the user base and does not affect users who log in via single sign-on (SSO).
“We were contacted through our bug bounty program by someone with information about potentially compromised Slack credentials, the email addresses and passwords people use to access the service. We investigated and determined the majority of credentials matched accounts that logged in to Slack during the 2015 security incident.
We have no reason to believe your account was affected. However, out of an abundance of caution we’ve decided to reset all passwords that have not been changed since March of 2015. Your account is included in this group. The affected account is:”
Slack has started sending password reset notifications to the affected users, explaining why their passwords were reset.
Example Slack Workspace Access Logs
Slack also recommends that users enable two-factor authentication to secure their accounts.