Slack has reset the passwords of thousands of accounts after receiving new information about a hack that took place in March 2015.
In a release on Thursday, Slack said it would reset the passwords of approximately 1% of its accounts. In a securities filing from April 2019, Slack said over 10 million people used its platform daily in the first three months of the year.
Slack, which has been widely adopted in workplaces, is a chat platform that allows people to quickly — and often informally — message one another.
The company said the only affected accounts are those created before March 2015 that have never had a password change. According to the release, 99% of Slack users joined after March 2015 or have changed their password since joining.
At the time of the 2015 hack, Slack said there was unauthorized access to one of its databases containing profile information and encrypted passwords. It blocked the access, reset passwords and released two-factor authentication as an extra security measure. (Two-factor authentication confirms someone’s identify by requiring a verification step in addition to a password.) Slack also released a security feature that allows corporate account managers to launch team-wide password resets and forced log-outs across all devices.
Slack said it hasn’t had any other major hacks since 2015. However, it was recently made aware that some log-in credentials may have been compromised. Initially malware or password re-use were suspected and the identified accounts were reset. Eventually, Slack realized the breach was related to the 2015 hack.
Slack said it has reached out to any potentially affected users.
While Slack said it has “no reason” to think any of the accounts it’s resetting now were actually compromised, it’s taking the security measure as a precaution.
Slack declined to make further comment on the matter.
