Slack Hack prompts 100,000 accounts to reset password



Slack's logo is posted on a trading post monitor on the New York Stock Exchange (NYSE) on June 20, 2019.

Getty

In March 2015, the corporate messaging service and communications hub Slack was breached, and a database of usernames and passwords was compromised. The attackers were also able to insert code that logged passwords in cleartext as they were entered. Not surprisingly, Slack was quick to reset the passwords of the users that the subsequent investigation confirmed had been affected. A little more surprising, however, is the confirmation that Slack is now resetting the passwords of 100,000 more users in response to "new information" about this hack from four years ago.

Slack, which stands for Searchable Log of All Conversation and Knowledge, has more than 10 million daily users. It was recently listed on the New York Stock Exchange, valuing it at around $20 billion and making CEO Stewart Butterfield an instant billionaire.

In a disclosure notice released on July 18, Slack confirmed that it recently received detailed information about potentially compromised user credentials through its bug bounty program. This resulted in an undisclosed number of users having their passwords reset. "However, as more information became available and our investigation continued," the notice explains, "we determined that the majority of the compromised identification information came from accounts that were logged in on Slack during the 2015 security incident."

This led Slack to reset the passwords of all accounts that were active at the time of the 2015 breach, except those that use SSO or had already changed their password after March 2015. According to Slack, this represents only 1% of all accounts, about 100,000 in total.

"We have no reason to believe that any of these accounts have been compromised," Slack insisted, "but we feel this precaution is worth any inconvenience that the reset could cause." Slack also said that it had detected no further compromise of its infrastructure since the 2015 breach.

At the time of the initial breach notification, Slack also introduced two-factor authentication. It also added a password kill switch for team owners, which lets them force an instant team-wide password reset as well as the forced termination of user sessions for all members of the team.

In light of this new turn of events, Slack has again recommended two-factor authentication to all users. Slack also recommends that users "make sure their computer software and antivirus software is up to date", and that they create new and unique passwords for "every service used or using a password manager".

Boris Cipot, security engineer at Synopsys, said: "Although the passwords have been reset as a result of the initial 2015 compromise, this recurrence is probably due to the reuse of the password," continuing, "Slack is acting responsibly by changing the passwords of the affected accounts to keep their users safe." Cipot also pointed out that, as controllers of access to sensitive information, passwords were the first line of defense against potential intruders. "Every organization needs to have both a strong password strategy and an incident response plan for such events," concluded Cipot.
