Pando

Slack reveals February data breach

By Nathaniel Mott, written on March 27, 2015

From The News Desk

Slack has announced that its customers' usernames, passwords, and email addresses were compromised by hackers who broke into the company's internal servers.

In response, Slack has added two-factor authentication along with a feature that allows team leaders to force employees to reset their passwords and log back into the service.

The company said it detected suspicious activity on "a very small number of Slack accounts" and it "notified the individual users and team owners who we believe were impacted and are sharing details with their security teams."

Slack also assured users that its passwords were encrypted and that there is no indication the hackers were able to break that encryption -- which is very good news. Had hackers broken the encryption, they would have accessed not only passwords associated with Slack accounts, but also those associated with other services where customers used the same password -- a risky habit that's become all too common.

Data breaches are never good news, but this might be especially bad for Slack, which -- as a service that often stewards proprietary data and private communications within enterprises -- needs its users' trust to function. Companies won't use the service to replace or complement email if it puts sensitive data at risk.

The company acknowledged this in its announcement, saying:

"We are very aware that our service is essential to many teams. Earning your trust through the operation of a secure service will always be our highest priority. We deeply regret this incident and apologize to you, and to everyone who relies on Slack, for the inconvenience."

It's not clear how many accounts were compromised by the data breach, but we will update the post if that information becomes known.