Slack-Hack Got User Passwords Compromised – Now Offers Two-Factor Authentication
Reaching to become one of the top chat room service for team communications, Slack is definitely getting popular. This is a platform primarily built to make communication between teams easier. The platform, as it turns out, was hacked back in February when hackers managed to access Slack's central database. Slack has released the details today after patching up the database and adding some extra layers of security.
Slack hack: what happened?
Slack is reportedly raising funds at $2.8 billion valuation getting quite some attention from both the users and well, hackers. The chat-room service maintains a central user database storing user names, email addresses, and hashed passwords along with phone numbers and Skype IDs. This central database was hacked making the user data open to attackers.
Our investigation, which remains ongoing, has revealed that this unauthorized access took place during a period of approximately 4 days in February. As soon as the evidence was uncovered, we started communication with the affected teams. The announcement was made as soon as we could confirm the details and as fast as we could type. - The Official Slack Blog
However, Slack hopes that because they save the passwords using a one-way encryption technique called bcrypt, it may not be possible for hackers to decrypt stored passwords. This, however, is open to debate - quite heated one.
Anyway, Slack got hacked but apparently the team at Slack has worked hard ever since to make things a little more secure. Slack is now offering two new security features:
- Two factor authentication
- Team-wide password kill switch
Two factor authentication, we believe, should be offered by every online service considering how they beef up the security by a notch or two. This security measure ensures that even if someone gets your passwords, they'll need physical access to your mobile phone - or something else - to get into your account. The second security feature will offer the team administrator to block everyone out of the Slack room and enforce them to reset their passwords in case of security breach.
On the positive note, you don't need to be worried about having your team files or data compromised as Slack confirms hackers weren't able to reach to the data. In case something of the sort did happen, they'll reach out to you directly. Till then, happy Slacking!