Hackers were able to access user profile information in one of the databases of Slack, the developer of the eponymous chat-based work platform, last February, the company said Friday.
The exposed database stored information such as names, email addresses, encrypted passwords, mobile numbers and Skype IDs, all of which became accessible to the hackers during the four-day cyber-attack in February.
“We were recently able to confirm that there was unauthorized access to a Slack database storing user profile information. We have since blocked this unauthorized access and made additional changes to our technical infrastructure to prevent future incidents. We have also released two factor authentication and we strongly encourage all users to enable this security feature,” Slack said.
Slack, however, gave assurances that, because the stored passwords were hashed, none of them were compromised in any way. As an added security measure, it now offers a “Password Kill Switch” to automatically reset all user passwords.
“No payment/financial information was made available to the hackers during the attack,” Slack said, adding that it has also provided necessary information about the hack to law enforcement.
The cyber-attack was announced by Slack through a blog update last Friday.
Since the attack in February, Slack said it has blocked unauthorized access to the database and released two-factor authentication as extra security measures.
Despite Slack’s assurance, cyber security experts said Slack users should immediately change their passwords both on the app and on any other site on which they use the same password.