Skip to main content
  1. Home
  2. Computing
  3. News

Slack is resetting user passwords in response to a 2015 data breach

Anita George
By
Slack NYSE
Slack Media Kit/Slack

In response to recent developments in a 2015 data breach incident, collaboration software company Slack has announced that starting July 18, it will reset the passwords of some of its user accounts that it believes may still be affected by the breach.

According to a statement on Slack’s blog, the company recently discovered new information regarding a 2015 data breach incident. Apparently, Slack recently received reports about “potentially compromised Slack credentials.” Initially, Slack was able to confirm that some of “the email addresses and password combinations were valid,” and so the company reset these passwords and notified the users affected.

Recommended Videos

But upon further investigation, Slack discovered that most of the compromised credentials “were from accounts that logged in to Slack during the 2015 security incident.” And so, in response to this new information, Slack will reset the passwords of all the accounts that were active during the 2015 data breach. Slack also went on to note that it would only be resetting the passwords of those accounts that meet the following conditions: The account must have been created before March 2015 and the password must not have been changed since thenAffected accounts also do not use a single-sign-on (SSO) provider to log in.

Related

Slack also emphasized that this week’s password reset was just a precautionary measure and that the company has “no reason to believe that any of these accounts were compromised.” Slack has also said that users who have accounts that meet all of the previously mentioned criteria will be “notified directly with instructions.” Slack estimates that only 1% of its user accounts will need to have their passwords reset.

The 2015 data breach occurred in February of that year, and was announced to the public in March. This incident involved the breach of a Slack database that contained user profile information, which included usernames, encrypted passwords, and email addresses. According to the blog post announcement regarding the incident and published at that time, profile information was accessible to hackers, but there was “no indication that the hackers were able to decrypt stored passwords,” and Slack said that payment information had not been accessed or compromised.

Editors' Recommendations

Topics
Anita George
Anita George
Computing Writer
Anita has been a technology reporter since 2013 and currently writes for the Computing section at Digital Trends. She began…
A data breach can cost millions of dollars — and you might be paying it
A dark mystery hand typing on a laptop computer at night.

According to a recent report from IBM Security, data breach costs are constantly on the rise. Unfortunately, this spells bad news not just for the companies involved, but also for the customers -- in more ways than one.

The report, which states that an average data breach is now estimated to cost $4.4 million, exposes the fact that the skyrocketing costs of data breaches directly affect the prices paid by the end customer.

Read more
Personal data of 69 million Neopets users is now up for sale after a data breach
Person typing on a computer keyboard.

Neopets, an aged website that lets users keep virtual pets and take care of them, just suffered a major data breach. Aside from the personal data of over 69 million users, the hacker was able to obtain the website's source code.

This isn't the first time Neopets has faced a massive leak, but this time around, user data is currently being sold for crypto -- and the leak includes more than just usernames and passwords.

Read more
Robinhood reports data breach affecting 7 million customers
Robinhood app on a smartphone.

Online stock trading platform Robinhood has been hit by a data breach affecting about seven million of its customers, the company revealed on Monday, November 8.

The Menlo Park, California-based company said the “data security incident” took place on Wednesday, November 3, when an unauthorized third party “obtained access to a limited amount of personal information.”

Read more