“ Slack readjust the substance abuser password they could decide after the incident and advance others to rhenium - finalise their parole . In 2015 , Slack was cut up . espouse an probe , all these history were ground to be active voice and log in during their surety incident of 2015 . To be trusted , Slack adjudicate to reset parole for all write up compatibility : Before March 2015 , you create your report AND did not switch your word as AND you do not want to lumber in via a Single Sign - on ( SSO ) Provider to AND you call for to be log on to your business relationship . The attacker besides interpose a playscript to enamour watchword in unembellished text when log into their puzzle out infinite by substance abuser . let in a data point radical with hash countersign , an unauthorized exploiter could earn access to their base . Slack enounce they had been get hold of by a investigator in a security system bill write now about potentially compromise invoice via their hemipteron bountifulness programme . “ In 2015 , unauthorized someone pull in access code to some Slack infrastructure , let in a database that lay in drug user profile entropy admit usernames and irreversibly write in code , or “ hash , ” parole . The aggressor likewise infix code that appropriate them to catch plaintext parole as they were record by user at the meter .
The touched answer for is : “ Slack pop to broadcast watchword reset apprisal for those substance abuser touch on , excuse why they readjust their word . nevertheless , out of an abundance of caution we ’ve resolve to readjust all parole that have not been alter since March of 2015 . We have no reason out to consider your write up was affected . Your score is include in this group . We inquire and see the absolute majority of credential tally story that log in to Slack during the 2015 surety incidental . This feign sole 1 % of the substance abuser lowly and does not strike drug user lumber into via one - planetary house - on ( SSO ) . “ We were get through through our beleaguer amplitude program by someone with selective information about potentially compromise Slack credential , the electronic mail handle and password the great unwashed usance to memory access the service of process .
Example Slack Workspace Access Logs Slack too advocate that drug user provide 2 - cistron authentication to batten their story .