Slack to Reset Passwords for Some Accounts in Response to Knowledge Breach
Slack Media Package/Slack
In response to latest developments in a 2015 information breach incident, collaboration software program firm Slack has introduced that beginning July 18, it would reset the passwords of a few of its person accounts that it believes should be affected by the breach.
Based on an announcement on Slack’s weblog, the corporate not too long ago found new info concerning a 2015 information breach incident. Apparently, Slack not too long ago acquired stories about “doubtlessly compromised Slack credentials.” Initially, Slack was capable of verify that a few of “the e-mail addresses and password mixtures had been legitimate,” and so the corporate reset these passwords and notified the customers affected.
However upon additional investigation, Slack found that many of the compromised credentials “had been from accounts that logged in to Slack in the course of the 2015 safety incident.” And so, in response to this new info, Slack will reset the passwords of all of the accounts that had been lively in the course of the 2015 information breach. Slack additionally went on to notice that it could solely be resetting the passwords of these accounts that meet the next circumstances: The account will need to have been created earlier than March 2015 and the password should not have been modified since thenAffected accounts additionally don’t use a single-sign-on (SSO) supplier to log in.
Slack additionally emphasised that this week’s password reset was only a precautionary measure and that the corporate has “no cause to imagine that any of those accounts had been compromised.” Slack has additionally mentioned that customers who’ve accounts that meet the entire beforehand talked about standards can be “notified straight with directions.” Slack estimates that only one% of its person accounts might want to have their passwords reset.
The 2015 information breach occurred in February of that 12 months, and was introduced to the general public in March. This incident concerned the breach of a Slack database that contained person profile info, which included usernames, encrypted passwords, and electronic mail addresses. Based on the weblog submit announcement concerning the incident and revealed at the moment, profile info was accessible to hackers, however there was “no indication that the hackers had been capable of decrypt saved passwords,” and Slack mentioned that fee info had not been accessed or compromised.