This article was published on March 27, 2015

Slack reveals security breach and institutes two-factor authentication



Slack, the business chat utility, has revealed that there was “unauthorized access” to the database where it stores user profile information.

The company sped up the introduction of two-factor authentication and is urging users to enable the security feature immediately.

It also highlights its Password Kill Switch, which lets team owners immediately reset passwords and terminate all user sessions. The option is accessible under the authentication tab of your team settings.

In a statement on its blog, Slack said:

“We are very aware that our service is essential to many teams. Earning your trust through the operation of a secure service will always be our highest priority. We deeply regret this incident and apologize to you, and to everyone who relies on Slack, for the inconvenience.”

Slack says the incident took place during a four-day period in February. It affected its central database where user names, email addresses, and one-way encrypted (hashed) passwords are stored, as well as user-added information like phone numbers and Skype IDs. That data was accessible to the hackers in this case.

The company says there’s no indication that the intruders were able to decrypt passwords, as it employs a one-way hashing encryption technique, and that no financial information has been compromised.

More information on Slack security practices is available from the company’s website.

March 2015 Security Incident and the Launch of Two-Factor Authentication [Slack]
