Skip to main content
  1. Home
  2. Computing
  3. News

Slack is resetting user passwords in response to a 2015 data breach

By
Slack NYSE
Slack Media Kit/Slack

In response to recent developments in a 2015 data breach incident, collaboration software company Slack has announced that starting July 18, it will reset the passwords of some of its user accounts that it believes may still be affected by the breach.

According to a statement on Slack’s blog, the company recently discovered new information regarding a 2015 data breach incident. Apparently, Slack recently received reports about “potentially compromised Slack credentials.” Initially, Slack was able to confirm that some of “the email addresses and password combinations were valid,” and so the company reset these passwords and notified the users affected.

Recommended Videos

But upon further investigation, Slack discovered that most of the compromised credentials “were from accounts that logged in to Slack during the 2015 security incident.” And so, in response to this new information, Slack will reset the passwords of all the accounts that were active during the 2015 data breach. Slack also went on to note that it would only be resetting the passwords of those accounts that meet the following conditions: The account must have been created before March 2015 and the password must not have been changed since thenAffected accounts also do not use a single-sign-on (SSO) provider to log in.

Related

Slack also emphasized that this week’s password reset was just a precautionary measure and that the company has “no reason to believe that any of these accounts were compromised.” Slack has also said that users who have accounts that meet all of the previously mentioned criteria will be “notified directly with instructions.” Slack estimates that only 1% of its user accounts will need to have their passwords reset.

The 2015 data breach occurred in February of that year, and was announced to the public in March. This incident involved the breach of a Slack database that contained user profile information, which included usernames, encrypted passwords, and email addresses. According to the blog post announcement regarding the incident and published at that time, profile information was accessible to hackers, but there was “no indication that the hackers were able to decrypt stored passwords,” and Slack said that payment information had not been accessed or compromised.

Editors’ Recommendations

Topics
Anita George
Anita George
Computing Writer
Anita George has been writing for Digital Trends' Computing section since 2018. So for almost six years, Anita has written…
Microsoft data breach exposed sensitive data of 65,000 companies
A depiction of a hacker breaking into a system via the use of code.

Microsoft servers have been subject to a breach that might have affected over 65,000 entities across 111 countries, according to the security research firm, SOCRadar.

SOCRadar claims that it shared with Microsoft its findings, which detailed that a misconfigured Azure Blob Storage was compromised and might have exposed approximately 2.4TB of privileged data, including names, phone numbers, email addresses, company names, and attached files containing proprietary company information, such as proof of concept documents, sales data, product orders, among other information.

Read more
Online payment fraud has doubled over the past seven years
A person holding a ThinkPad Nano X1 Gen 2 laptop in front of a window.

Online payment fraud increased 137% over the past seven years according to research conducted by SEON, a UK-based fraud prevention service.

SEON based its research on data from the Identity Threat Research Center and used it to identify data compromises that came from online payments.

Read more
Hackers stole LastPass source code in data breach incident
lastpass on phone

Today, LastPass confirmed a data breach in a blog post describing the incident to its customers that rely on the company's products for online security. The company emphasized that customer data was not stolen in the breach, however, and that users do not have to do anything to secure their data.

In a post written by CEO Karim Toubba, LastPass stated the following:

Read more