Skip to main content

Slack is resetting user passwords in response to a 2015 data breach

Slack NYSE
Slack Media Kit/Slack

In response to recent developments in a 2015 data breach incident, collaboration software company Slack has announced that starting July 18, it will reset the passwords of some of its user accounts that it believes may still be affected by the breach.

According to a statement on Slack’s blog, the company recently discovered new information regarding a 2015 data breach incident. Apparently, Slack recently received reports about “potentially compromised Slack credentials.” Initially, Slack was able to confirm that some of “the email addresses and password combinations were valid,” and so the company reset these passwords and notified the users affected.

But upon further investigation, Slack discovered that most of the compromised credentials “were from accounts that logged in to Slack during the 2015 security incident.” And so, in response to this new information, Slack will reset the passwords of all the accounts that were active during the 2015 data breach. Slack also went on to note that it would only be resetting the passwords of those accounts that meet the following conditions: The account must have been created before March 2015 and the password must not have been changed since thenAffected accounts also do not use a single-sign-on (SSO) provider to log in.

Slack also emphasized that this week’s password reset was just a precautionary measure and that the company has “no reason to believe that any of these accounts were compromised.” Slack has also said that users who have accounts that meet all of the previously mentioned criteria will be “notified directly with instructions.” Slack estimates that only 1% of its user accounts will need to have their passwords reset.

The 2015 data breach occurred in February of that year, and was announced to the public in March. This incident involved the breach of a Slack database that contained user profile information, which included usernames, encrypted passwords, and email addresses. According to the blog post announcement regarding the incident and published at that time, profile information was accessible to hackers, but there was “no indication that the hackers were able to decrypt stored passwords,” and Slack said that payment information had not been accessed or compromised.

Editors' Recommendations

Anita George
Anita has been a technology reporter since 2013 and currently writes for the Computing section at Digital Trends. She began…
Robinhood reports data breach affecting 7 million customers
Robinhood app on a smartphone.

Online stock trading platform Robinhood has been hit by a data breach affecting about seven million of its customers, the company revealed on Monday, November 8.

The Menlo Park, California-based company said the “data security incident” took place on Wednesday, November 3, when an unauthorized third party “obtained access to a limited amount of personal information.”

Read more
Hackers just stole personal data from millions of Acer customers
acer swift 3 13 2019 review acerswift3132019

Acer has just confirmed that its servers were beached by a group of hackers called Desorden. The hackers managed to steal over 60 gigabytes worth of data containing sensitive information about millions of Acer's customers.

The compromised information includes the names, addresses, and phone numbers of several million clients, but also restricted corporate financial data.

Read more
Slack went down for users around the world. Here’s the latest on the outage
Slack is down

Slack went down worldwide for roughly an hour Tuesday evening, leaving companies scrambling to communicate right at the end of the U.S. workday.

The chat app went down around 4:53 p.m. PT on Tuesday, according to Slack's Status page. Service began to come back about an hour later, around 5:50 p.m.

Read more