Slack, the popular communication tool aimed at businesses and teams, has reported that it was hacked for four days last month. The unauthorized access exposed user account information and passwords, though the company doesn’t believe these passwords were decrypted by the hackers, and no financial payment information was accessed.
“Since the compromised system was first discovered, we have been working 24 hours a day to methodically examine, rebuild and test each component of our system to ensure it is safe,” writes Slack’s Anne Toth on the company blog. “We are collaborating with outside experts to cross-check assumptions and ensure that we are meticulous in our approach. In addition we have notified law enforcement of this illegal intrusion.”
In response to the incident, Slack is rolling out two-factor authentication. As with other services that use the procedure, such as Gmail, Facebook, and Dropbox, users will now have to verify their identities with a mobile code as well as a password. Slack is also adding the ability for organizations to reset the passwords for their entire team at once.
If your company uses Slack, you may well have seen a password reset email appear in your inbox, but if not it’s still a good idea to change your password anyway. Chat logs weren’t accessed during the hack, so your previous communications with your colleagues should be safe. In addition, Slack is directly contacting a small number of users where “suspicious activity” was detected on their accounts.
The fledgling startup currently boasts 500,000 active users and 60,000 clients, including Apple, Google, and Amazon. The most recent round of funding saw the company valued at $1.2 billion, though there are reports that this valuation will rise during the next funding cycle.