CIP Cyber

Slack initiated Two-Factor Authentication conceding Security breach

Table of Contents

Slack, a platform for team communication, has affirmed that the company suffered a crucial security breach of its user’s database, exposing sensitive information to malicious hackers.

Slack has reported to The Verge that databases comprising team message history were not accessed as part of the breach. No payment information was leaked; the main concern is user passwords, which were in encrypted form.

The San Francisco-based company has mentioned  in a blog post on Friday that its central user database was accessible to hackers during that window.The database provided little information such as personal data, including user names, email addresses, and one-way encrypted passwords, and other optional info, such as phone numbers and Skype IDs.

Anne Toth, vice president of policy and compliance strategy at Slack, has imparted that there is “no indication that the hackers were able to decrypt stored passwords, as Slack uses a one-way encryption technique called hashing.”

Slack has exploited outside experts and law enforcement officials abetting the investigation, which remains ongoing. According to Slack, it has notified affected individual users and team owners.

Slack has released some security tips as well as two-factor authentication and a password-kill switch for IT administrators to implement. It strongly encourages all users to enable this security feature.

The password-kill feature will enable an instant sign-out and password reset for every member of a given team. The feature is meant to allow leaders to clear out their system spontaneously if the breach is suspected.

Slack has become popular among businesses as an email replacement, reaching more than half a million daily users last month, but the growth has come with new concerns over security.

In October, the company faced criticism over a bug that permitted outsiders to access the list of names of different rooms available at a company. The bug was fixed immediately after being informed.

CIP Cyber Staff

CIP Cyber Staff

CIP Cyber Staff comprises CIP cybersecurity experts committed to delivering comprehensive information on critical infrastructure protection. The content covers diverse topics, equipping professionals to defend organizations and communities in an ever-evolving cyber landscape.

Most popular

Industrial Cybersecurity

Want always be up to date?

Don't miss the latest news

By subscribing to our mailing list, you will be enrolled to receive our new trainings, latest blog posts, product news, and more.

CIP Training & Certifications

Transform your cybersecurity skills with CIP Cyber’s comprehensive training & course offerings

Related Articles

Want always be up to date?

Don't miss the latest news

By subscribing to our mailing list, you will be enrolled to receive our new trainings, latest blog posts, product news, and more.

CIP Training & Certifications

Transform your cybersecurity skills with CIP Cyber’s comprehensive training & course offerings