Slack Hacked, Leaving 500,000 User Emails Exposed
Slack Technologies sure is making headlines. The San Francisco maker of an online workplace collaboration tool -- which has drawn attention over its $2.76 billion market valuation -- revealed a major hack of its user database Friday, releasing email addresses and potentially phone numbers of its 500,000 users.
Slack reported that hackers infiltrated its central user database, which includes email addresses and anything else added to users’ profiles, such as phone numbers or Skype IDs. Passwords, however, are encrypted in the database.
The hack reportedly took place over four days in February. Slack did not notify all users until publishing a blog post Friday morning and later emailing all users.
“The announcement was made as soon as we were able to confirm details,” the post read.
The company reported that it detected suspicious activity in some accounts and notified those specific users earlier, a Slack spokesperson wrote to International Business Times in an email.
With the announcement of the hack, Slack pushed two new security features. Slack now supports two-factor authentication, a tool that requires users to confirm their log-in through two systems, such as with receiving a text message verification code. The security feature is something that many companies, including Apple with iMessage and Google with Gmail, have started to roll out and push to prevent privacy invasions.
"This further highlights the need for all organizations -- both startups and established companies -- to invest in post-infection software that can quickly identify security breaches and prevent valuable data theft," Paul Martini, CEO of cybersecurity provider iBoss, said in a statement.
Slack was developing two-factor authentication and was about a week away from releasing it, a Slack spokesperson told IBTimes, but the company chose an early launch after confirming the hack. Another new feature, "password kill switch," will allow administrators to terminate all user sessions and reset all passwords.
This isn’t the first time Slack has been criticized for privacy and security concerns. In October 2014, the company gained media attention for leaving the names given to chat rooms visible to anyone. That flaw left potential secret departments and product development at companies, from the likes of Apple, Google and Facebook, exposed. Slack denied the design flaw as a bug but later clarified its policy.
© Copyright IBTimes 2024. All rights reserved.