Slack gets hacked, adds two-factor authentication

According to an internal investigation, the security breach occurred in February and lasted up to four days, affecting Slack’s central user database containing usernames, email addresses, encrypted passwords and other sensitive information.

Although Slack said users’ passwords were unreadable to the hackers, the startup admitted it found “suspicious activity” from a small, unspecified group of Slack user accounts, suggesting at least some data had been compromised.

“Since the compromised system was first discovered, we have been working 24 hours a day to methodically examine, rebuild and test each component of our system to ensure it is safe,” the company said in an email to Slack users on Friday.

“We are very aware that our service is essential to many teams,” added Slack’s VP of policy and compliance strategy, Anne Toth, in a company

for logging into Gmail. After Slack users enter their typical login information, they will be prompted to enter a one-time passcode sent to their phones.

 

Curated from Slack gets hacked, adds two-factor authentication