A cyber attack in 2015, recently brought to the attention of Slack, has caused a reset of the passwords of a number of users. Slack was recently notified of a list of passwords that have been captured in this attack, reports Tweakers.
The data breach had been known before, but the assumption was that only hacked passwords had been stolen. The new information is now that hackers at the time also used code that made the data visible in plain text, in other words, readable for everyone. At the time, Slack had already taken a number of security measures to prevent user account degradation, and the company claims that this did not happen. However, there is no evidence to support this claim.
The data that has been captured belongs to accounts that were all created earlier than 2015, and in total represents about one percent of all users that the platform had at that time. All accounts in question receive a report about the situation from the company. The users who were affected did not use single sign-on. Even users who have already changed their password in the meantime do not need to change it again.
ZDNet reports a salient detail: even large Slack customers with annual contracts of more than one tonne could be affected, but there are no official reports about this. The company further suspects that the attack in 2015 was carried out by the use of malware or by retrieving user data from third party sites, such as the aptly named www.haveibeenpwned.com.This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.