Team communication platform Slack announced on Friday that for roughly four days in February unauthorised access was gained to a database and suspicious activity has subsequently been detected on a small number of accounts.
The information in the database that was accessible during the incident includes usernames, email addresses and encrypted passwords, according to a release, which adds that optional information, such as phone numbers and Skype IDs, could have been impacted as well.
“Slack's hashing function is bcrypt with a randomly generated salt per-password which makes it computationally infeasible that your password could be recreated from the hashed form,” the release states.
An investigation is ongoing. Slack has implemented two-factor authentication, as well as a feature that allow for team-wide resetting of passwords and forced termination of all user sessions for all team members.