Slack was hacked, but has impressive fix for users

Here at SlashGear, we're big fans of Slack. It's easy to use, sips battery power ever so slightly, and can be scaled to your needs. Still, the service is not without it's issues. Late last year, a bug was discovered in Slack that allowed just about anyone to peer into any room on Slack. Quickly patched, it was still concerning. Today, the company is admitting more fault; it seems Slack was hacked. For four days in February, someone had quite a bit of access to your info.

Like they did with their other issue, Slack has fixed things as well as we could hope. Not only did they patch their security breach, they've instituted two-factor authentication for all users.

Taking things a step further, team owners can now use a "Password Kill Switch" for Slack. That feature "allows for both instantaneous team-wide resetting of passwords and forced termination of all user sessions for all team members (which means that everyone is signed out of your Slack team in all apps on all devices)."

If you were using slack in February, some light info was possibly snagged. Emails, user names, and hashed passwords were at-risk during four days in February. Also jeopardized were info added to profiles, like Skype IDs or phone numbers.

The info was accessed via centralized database Slack keeps on all user info. Though hackers obtained secured passwords, there's no indication (yet) they were able to decrypt them.Slack says their encryption method "randomly generated salt per-password which makes it computationally infeasible that your password could be recreated from the hashed form."

If you used Slack at the time of the hack, it's still a good idea to reset your password.

As for using Slack — well, these things happen. They've at least responded well, and are taking extraordinary measures to examine what happened and make sure it doesn't occur again.

Source: Slack