Breach, Data Security

Slack announces breach, unauthorized access to database


Team communication platform Slack announced on Friday that for roughly four days in February unauthorized access was gained to a database and suspicious activity has subsequently been detected on a small number of accounts.

The information in the database that was accessible during the incident includes usernames, email addresses and encrypted passwords, according to a release, which adds that optional information, such as phone numbers and Skype IDs, could have been impacted as well.

“Slack's hashing function is bcrypt with a randomly generated salt per-password which makes it computationally infeasible that your password could be recreated from the hashed form,” the release states.

An investigation is ongoing. Slack has implemented two-factor authentication, as well as a feature that allow for team-wide resetting of passwords and forced termination of all user sessions for all team members.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.