Slack initiated Two-Factor Authentication conceding Security breach

Slack, a platform for team communication, has affirmed that the company suffered a crucial security breach of its user’s database, exposing sensitive information to malicious hackers.

Slack has reported to The Verge that databases comprising team message history were not accessed as part of the breach. No payment information was leaked; the main concern is user passwords, which were in encrypted form.

The San Francisco-based company has mentioned  in a blog post on Friday that its central user database was accessible to hackers during that window.The database provided little information such as personal data, including user names, email addresses, and one-way encrypted passwords, and other optional info, such as phone numbers and Skype IDs.

Anne Toth, vice president of policy and compliance strategy at Slack, has imparted that there is “no indication that the hackers were able to decrypt stored passwords, as Slack uses a one-way encryption technique called hashing.”

Slack has exploited outside experts and law enforcement officials abetting the investigation, which remains ongoing. According to Slack, it has notified affected individual users and team owners.

Slack has released some security tips as well as two-factor authentication and a password-kill switch for IT administrators to implement. It strongly encourages all users to enable this security feature.

The password-kill feature will enable an instant sign-out and password reset for every member of a given team. The feature is meant to allow leaders to clear out their system spontaneously if the breach is suspected.

Slack has become popular among businesses as an email replacement, reaching more than half a million daily users last month, but the growth has come with new concerns over security.

In October, the company faced criticism over a bug that permitted outsiders to access the list of names of different rooms available at a company. The bug was fixed immediately after being informed.

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular


In the past, most games had cheat codes, yet these days it's more uncommon. As a programmer, I like to perceive how things work,...

Phishing Prevention: How to Secure Your Organization Against Phishing Attacks

Phishing is a type of cyberattack that aims to trick people into giving up their sensitive information or hack into a system by means...

Automated Penetration Testing Prevents High-Risk Vulnerabilities

According to new research from Positive Technologies, a substantial 84% of companies contain high-risk vulnerabilities within their network perimeter. Scanning as many as 3,514...

Security Concerns When You’re Running Your Company From Abroad

The world of technology makes it possible for entrepreneurs to run their businesses from any location worldwide. You could travel and move to any...


Then sign up for FREE to the ehacking’s exclusive group. You will get the exclusive tips/tricks, tutorials, webinars & courses that I ONLY share with my fellow on this exclusive newsletter.