Slack Resets Passwords For Users Who Hadn't Changed It Since 2015

If you use Slack, a popular cloud-based team collaboration server, and recently received an email from the company about a security incident, don't panic and read this article before taking any action.

Slack has been sending a "password reset" notification email to all those users who had not yet changed passwords for their Slack accounts since 2015 when the company suffered a massive data breach.

For those unaware, in 2015, hackers unauthorisedly gained access to one of the company's databases that stored user profile information, including their usernames, email addresses, and hashed passwords.

At that time, attackers also secretly inserted code, probably on the login page, which allowed them to capture plaintext passwords entered by some Slack users during that time.

However, immediately following the security incident, the company automatically reset passwords for those small number of Slack users whose plaintext passwords were exposed, but asked other affected users to change their passwords manually.

The latest security incident only affects users, who:

created an account before March 2015,have not changed their password since the incident, andaccounts that do not require logging in via a single-sign-on (SSO) provider.

It is also possible that someone might have successfully cracked hashed passwords that were leaked in the 2015 data breach, even when it was protected using the bcrypt algorithm with a randomly generated salt per-password.

Late last month, Slack also sent a separate notification to all the affected users informing them about the potential compromise of their credentials without providing any details of the incident, but it seems many users ignored the warning and did not change their passwords voluntarily.

Therefore, now Slack has automatically reset passwords on affected accounts, that are about 1% of the total registered users, that haven't been updated since 2015 as a precautionary measure, asking them to set a new password using this guide.

Besides your changing password, you are also recommended to enable two-factor authentication for your Slack accounts, even if you are not affected.

Slack is still investigating the latest security incident and promises to share more information as soon as they are available.

For more depth analysis visit SOURCE : 1

An Ethical hacker should know the penalties of unauthorized hacking into a system. Read more at: Legality and Ethics

#Slack #slackfly #slackdotline #slackandselfie #slackvida #SlackerzEnt #slackspain #slacklinerj #slacknaveia #Slackjaw #Slackerday #slackclimb #slackalackin #slackboy #slackind #slackbrasil #slackkids #slacklinechile #slackrs #slackandfeeltheline #slacklinestrret #slacker #SlackTV #slacks #slacklife #slackparaiba #slacklifestyleusa #slackdrop #slackgirls #slackkey


For more tricks and update over hacking stay tuned to our site: Note 4 Tech