Slack, the increasingly popular team chat application, has been hacked, potentially revealing private information of over 500,000 users. Although the incident is several weeks old, company officials didn’t make the announcement until Friday, claiming it took them that long to determine the exact circumstances.
Users’ personal details exposed include e-mail addresses, Skype IDs, telephone numbers and any other optional info they may have introduced in Slack database. Slack vice-president Anne Toth revealed specific details about the hack in the company’s Friday online press release.
According to Toth, over a four-day timespan in February hackers were able to access a Slack database containing extensive information about its users, such as hashed passwords or Skype account details.
Some of the data is still safe, Slack executives told media, including payment card information, as well as most of the most of the messages users sent each other prior to and during the exposure period. Most likely, the hashed passwords were not cracked, so the hackers could not take control of user accounts during the attack. Still, the service advised its users that a password change is recommended.
Slack executives told media that they wanted to make sure of the exact damage of the cyber-attack before they make any announcements, and that’s why it took them more than a month to come with the news. “Since the compromised system was first discovered, we have been working 24 hours a day to methodically examine, rebuild and test each component of our system to ensure it is safe,” Toth told in an email, suggesting that Slack also wanted to delay any announcement until they made sure their service is secure again.
The chat service’s technicians have come with a better sign in system that Slack officials claim to be safer. It involves using a two-factor authentication system, through both Google Authenticator and Duo Mobile. “We are collaborating with outside experts to cross-check assumptions and ensure that we are meticulous in our approach,” the Slack spokeswoman explained.
The new authentication system is not mandatory for each user, but Slack recommends it for being more efficient at protecting personal information. Additionally, now the service offers team administrators a
Slack has recently established itself as one of the most popular workplace chat-room services amongst West Coast companies. The company’s estimated value boomed in recent months and is now thought to be around $2.8 billion.
Slack is not on its first mistake though, having been criticized before for its user data protection policy. In October last year, it created waves in the media for not protecting chat space names, a flaw that could have potentially exposed details about Slack users’ other accounts, such as Facebook, Google or Apple.
Image Source: Growth Hackers
Latest posts by Anne-Marie Jackson (see all)
- SF Hospital Slaps New Parents with $19K Bill for Baby Treatment - Mar 16, 2019
- Furious Trump Blasts Harley-Davidson for Moving Production Overseas - Mar 16, 2019
- Warning! MRI Machines Could Poison You - Mar 16, 2019