Skip to main content

Slack is resetting user passwords in response to a 2015 data breach

Slack NYSE
Slack Media Kit/Slack

In response to recent developments in a 2015 data breach incident, collaboration software company Slack has announced that starting July 18, it will reset the passwords of some of its user accounts that it believes may still be affected by the breach.

Recommended Videos

According to a statement on Slack’s blog, the company recently discovered new information regarding a 2015 data breach incident. Apparently, Slack recently received reports about “potentially compromised Slack credentials.” Initially, Slack was able to confirm that some of “the email addresses and password combinations were valid,” and so the company reset these passwords and notified the users affected.

But upon further investigation, Slack discovered that most of the compromised credentials “were from accounts that logged in to Slack during the 2015 security incident.” And so, in response to this new information, Slack will reset the passwords of all the accounts that were active during the 2015 data breach. Slack also went on to note that it would only be resetting the passwords of those accounts that meet the following conditions: The account must have been created before March 2015 and the password must not have been changed since thenAffected accounts also do not use a single-sign-on (SSO) provider to log in.

Slack also emphasized that this week’s password reset was just a precautionary measure and that the company has “no reason to believe that any of these accounts were compromised.” Slack has also said that users who have accounts that meet all of the previously mentioned criteria will be “notified directly with instructions.” Slack estimates that only 1% of its user accounts will need to have their passwords reset.

The 2015 data breach occurred in February of that year, and was announced to the public in March. This incident involved the breach of a Slack database that contained user profile information, which included usernames, encrypted passwords, and email addresses. According to the blog post announcement regarding the incident and published at that time, profile information was accessible to hackers, but there was “no indication that the hackers were able to decrypt stored passwords,” and Slack said that payment information had not been accessed or compromised.

Anita George
Former Digital Trends Contributor
Anita George has been writing for Digital Trends' Computing section since 2018. So for almost six years, Anita has written…
Hackers targeted 1Password after Okta breach, but your logins are safe
A dark mystery hand typing on a laptop computer at night.

Security credentials like usernames and passwords are a tempting target for hackers, and even the best password managers can come under threat from time to time. That was the case recently with the popular password manager 1Password, which recently disclosed (via Bleeping Computer) that its Okta support system was breached by malicious hackers.

Fortunately, it doesn’t appear that any customer data was stolen, so if you use 1Password, your login info should be safe for now. However, it’s always good to regularly update your passwords (or use passkeys) just in case they fall into the wrong hands.

Read more
Hack involved the data of a nation’s entire population
A depiction of a hacker breaking into a system via the use of code.

Hackers are well known to nab customer data held by companies, but obtaining the personal data of pretty much all of the residents of a single nation in one fell swoop takes the nefarious practice to a whole new level.

The remarkable feat was allegedly performed by a 25-year-old Dutch hacker who, when arrested by police, had in his possession personal data linked to pretty much every resident of Austria -- about nine million people.

Read more
If you use PayPal, your personal data may have been compromised
A person holds a mobile phone with the PayPal app open.

PayPal has recently suffered a massive data breach, and if you were one of the affected users, your details may have been leaked. Given the nature of a PayPal account, the exposed data includes some of the most sensitive information, which could put those users at risk of identity theft.

The company is taking steps to protect the accounts from further damage. Here's what we know about what happened and how to protect yourself.

Read more