Slack confirmed back in March 2015 that hackers were able to gain unauthorized access to a database which was used to store user profile information. It had blocked the access once it was discovered and made changes to prevent something like this from happening again. Slack also released two-factor authentication so that users could add an extra layer of security to their accounts. It has decided to reset passwords for thousands of users today fours years after the hack.
Slack is sending emails to users who created their account before March 2015, have not changed their passwords since, and don’t use single sign-on that it has reset their password. The company says that around one percent of its userbase falls in this category which is reportedly about 65,000 users.
It decided to reset the passwords after finding out that a collection of user email address and password combinations had been compromised. It was able to link the leaked credentials to the 2015 hack after an investigation.
Slack once again advises users to enable two-factor authentication on their accounts so that they have some additional protection against attempts to gain unauthorized access to their workspaces. It has already reset passwords for all users that are affected by this.