“In 2015, unauthorized individuals gained access to some Slack infrastructure, including a database that stored user profile data including usernames and irreversibly encoded, or “hashed,” passwords. Slack says in a security notice published now that they had been contacted by a researcher about potentially compromised accounts via their bug bounty platform. The attackers also inserted code that allowed them to capture plaintext passwords as they were entered by users at the time. “Slack reset the user passwords they could identify after the incident and encouraged others to reset their passwords. To be sure, Slack decided to reset passwords for all accounts matching these criteria: you created your account before March 2015 AND did not change your password since AND you do not need to log in via a Single Sign-on (SSO) provider AND you need to be logged in to your account. In 2015, Slack was hacked. An unauthorized user was able to gain access to their infrastructure, including a database with hashed passwords. The attacker also inserted a script to capture passwords in plain text when users logged in to their workspaces. Following an investigation, all these accounts were found to be active and logged in during their security incident of 2015.
We investigated and determined that the majority of the credentials belonged to accounts that logged in to Slack during the 2015 security incident. Your account is included in this group. The affected account is: “Slack began sending password reset notifications to the affected users, explaining why they reset their passwords. However, out of an abundance of caution we’ve decided to reset all passwords that have not been changed since March of 2015. “We were contacted through our bug bounty program by someone with information about potentially compromised Slack credentials, the email addresses and passwords people use to access the Service. We have no reason to believe your account was affected. This affects only 1% of the user base and does not affect users who log in via single sign-on (SSO).
Example Slack Workspace Access Logs

Slack also recommends that users enable two-factor authentication to secure their accounts.