Slack announces breach, unauthorised access to database

News by Adam Greenberg

Team communication platform Slack announced on Friday that for roughly four days in February unauthorised access was gained to a database and suspicious activity has subsequently been detected on a small number of accounts.

The information in the database that was accessible during the incident includes usernames, email addresses and encrypted passwords, according to a release, which adds that optional information, such as phone numbers and Skype IDs, could have been impacted as well.

“Slack's hashing function is bcrypt with a randomly generated salt per-password which makes it computationally infeasible that your password could be recreated from the hashed form,” the release states.

An investigation is ongoing. Slack has implemented two-factor authentication, as well as a feature that allow for team-wide resetting of passwords and forced termination of all user sessions for all team members.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews