Slack Initiates Mass Password Reset

slack data breach

More victims of a 2015 credential-harvesting incident have come to light.

Popular workspace collaboration platform Slack is in the middle of asking tens of thousands of users to reset their passwords after a security breach.

The move is actually in response to new information that has come to light regarding a 2015 compromise, when hackers infiltrated Slack’s networks to gain access to databases containing user credentials including hashed passwords. They also planted password-scraping malware to capture login information in plaintext when users signed in.

While Slack implemented two-factor authentication and a password reset for those affected at the time, a new crop of people that were impacted by the event has come to light after a new batch of stolen credentials was reported via the company’s bug-bounty program.

“We immediately confirmed that a portion of the email addresses and password combinations were valid, reset those passwords, and explained our actions to the affected users,” Slack said in a message on its website.

Email obtained by Threatpost.

However, the company thought the issue stemmed from the rampant practice of password reuse, until closer inspection showed the trove to be a previously unknown group of accounts that were compromised in the 2015 incident.

“These types of reports are fairly routine and usually the result of malware or password re-use between services,” according to a website notice. “However, as more information became available and our investigation continued, we determined that the majority of compromised credentials were from accounts that logged in to Slack during the 2015 security incident.”

Slack said that it has decided to reset passwords for all users who were active at the time of the 2015 breach; those who have changed their password since then and those who log in via single-sign-on (SSO) platforms are excepted. In total, about 100,000 users are affected.

Interested in more on patch management? Don’t miss our free live Threatpost webinar, “Streamlining Patch Management,” on Wed., July 24, at 2:00 p.m. EDT. Please join Threatpost editor Tom Spring and a panel of patch experts as they discuss the latest trends in Patch Management, how to find the right solution for your business and what the biggest challenges are when it comes to deploying a program. Register and Learn More

Suggested articles