On Friday, the work-based chat application Slack announced on its blog that it fell prey to a cyber-attack in February, during which hackers could have laid their hands on user profile information in one of its databases. The breached database is considered to be worth more than $2 billion.
Security researchers are examining the breach and how it may affect users. The company has assured its users that all passwords were encrypted. It has also blocked the unauthorized access to the database and released two-factor authentication, an additional security measure that requires users to download an authentication app on their smartphones.
“The company is emphasizing that the passwords are encrypted and salted, but that simply means they will take just a little longer to crack,” said Alex Heid, chief research officer at SecurityScorecard. He also explained that once the passwords are cracked, hackers can take the exposed credentials and reuse them against users’ other accounts on sites like Amazon, Netflix, etc. Those who use the same password for many accounts are at the greatest risk.
Slack therefore recommends that users change not only their Slack password but also their passwords for other online services, and enable two-factor authentication.
Slack also stated that there is no evidence that any of the stored, hashed passwords were compromised in any way. However, it is always better to be safe and take precautions. To that end, team owners have a new option, ‘Password Kill Switch,’ which automatically resets all user passwords within a team when everyone in the team signs out of their accounts.
In addition, the company has released a warning about an uptick in phishing campaigns by email, to help users look out for unwanted attachments and illegitimate mail campaigns that could contain malware.
Apart from the breach, Slack seems to have some issues with its practices. If a hacker wants to know the list of companies using Slack, a simple Google search will give all the needed answers. Heid tried it himself and found ‘activation links’ linked to specific user accounts. Critics also say that Slack’s design is very vulnerable and prone to attract hackers.
Another hacking incident, reported early this week, affected the popular game-streaming service Twitch.tv in a way very similar to the Slack breach: the hackers got the users’ profile information. But unlike Slack, the Amazon-owned company automatically reset all user passwords to be safe.