Slack admits facing security breach in February


Popular work communications app Slack on Friday admitted to having faced a four day long security breach attack in February.

“We were recently able to confirm that there was unauthorized access to a Slack database storing user profile information. We have since blocked this unauthorized access and made additional changes to our technical infrastructure to prevent future incidents,” said Slack in a blog post.

According to Slack, the security breach compromised on the company’s user profile information including their usernames, email addresses, encrypted passwords and other sensitive information as well as in some cases, phone numbers and Skype IDs that users had associated with their accounts.

“Slack maintains a central user database which includes user names, email addresses, and one-way encrypted (‘hashed’) passwords,” Slack’s VP of policy and compliance strategy, Anne Toth wrote.

“In addition, this database contains information that users may have optionally added to their profiles, such as phone number and Skype ID.

“Information contained in this user database was accessible to the hackers during this incident.”

The company however claims that these suspicious activities were only found in “very small number of accounts” and that no financial or payment information was accessed during the hack.

As a precaution to avoid any such hacking attacks in future, Slack has now added two-factor authentication. The security feature will require users to enter a one-time passcode sent to their phones in addition to the usual Slack credentials to login.

In February, Slack announced it had more than 500,000 daily active users and $12 million in annual recurring revenue. The company is currently in talks to raise a round of funding at a $2 billion valuation.