Slack initiated Two-Factor Authentication conceding Security breach

Slack, a platform for team communication, has affirmed that the company suffered a crucial security breach of its user’s database, exposing sensitive information to malicious hackers.

Slack has reported to The Verge that databases comprising team message history were not accessed as part of the breach. No payment information was leaked; the main concern is user passwords, which were in encrypted form.

The San Francisco-based company has mentioned  in a blog post on Friday that its central user database was accessible to hackers during that window.The database provided little information such as personal data, including user names, email addresses, and one-way encrypted passwords, and other optional info, such as phone numbers and Skype IDs.

Anne Toth, vice president of policy and compliance strategy at Slack, has imparted that there is “no indication that the hackers were able to decrypt stored passwords, as Slack uses a one-way encryption technique called hashing.”

Slack has exploited outside experts and law enforcement officials abetting the investigation, which remains ongoing. According to Slack, it has notified affected individual users and team owners.

Slack has released some security tips as well as two-factor authentication and a password-kill switch for IT administrators to implement. It strongly encourages all users to enable this security feature.

The password-kill feature will enable an instant sign-out and password reset for every member of a given team. The feature is meant to allow leaders to clear out their system spontaneously if the breach is suspected.

Slack has become popular among businesses as an email replacement, reaching more than half a million daily users last month, but the growth has come with new concerns over security.

In October, the company faced criticism over a bug that permitted outsiders to access the list of names of different rooms available at a company. The bug was fixed immediately after being informed.

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

How to Become an Expert in Ethical Hacking

This article is mainly addressing the audience who wants to pursue their career in Cybersecurity as a professional that provides ethical hacking services, whether...

5 Cybersecurity Tips to Keep in Mind When Working From Home

  Due to the ongoing global health crisis, more and more people are being forced to work from their homes. In fact, Forbes estimates that about...

The Complete OSINT Tutorial to Find Personal Information About Anyone

This article mainly focuses on how to discover a person's digital footprint and gather personal data by using open-source intelligence (OSINT). So, in its...

How to find the password of hacked email addresses using OSINT

Open-source intelligence or OSINT is a potent technique, and it can give a lot of valuable information, if implemented correctly with the right strategy...