At the time of the incident, the firm revealed its security defences had been breached by hackers who broke into the profile user database to access scrambled passwords. The cyber-criminals deposited a code into Slack’s system to lift a user’s plaintext password as it was typed in by the account holder at the time.
The American cloud-based service said it received a list of supposedly compromised passcodes which may date back to the original data breach.
Slack has underlined that there is nothing to fear for 99% of those who joined up after March 2015, or for those who have since changed their password. Accounts that rely on single sign-on through a company network are similarly unaffected, the firm says, adding that there is no evidence to suggest that any accounts have yet been exposed.
At the time of the breach, Slack estimated that just 1% of all accounts would potentially be affected, while other reports thought there to be around 65,000 victims.
Article originally published on PrivSec:Report
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.