The increasingly popular team chat platform Slack confirmed in a blog post today that a database containing user profile information had been breached. Slack says the database contained usernames, email addresses, hashed passwords, and information users could connect to their account like Skype names. There's no evidence that the hackers were able to decrypt user passwords, but they did have access to the above-mentioned information.
Slack says it has blocked the unauthorized access, and - in the same blog post - announced the launch of a two-factor authentication option for its users, along with a "password kill switch" for team owners.
The password kill-switch allows team owners to instantly reset team passwords and end all user sessions for all team members. This puts a powerful last-ditch security option in the hands of team owners, and - on top of the new infrastructure changes Slack has made - makes your Slack team just that much safer.
For those unfamiliar with two-factor authentication, Slack recommends its help site. Familiar users who are already signed in can set up 2FA here. Hit the link for Slack's full rundown of its progress in making the service more secure.
- Slack Blog