Slack resets thousands of user passwords four years after hack


Slack says it is resetting the passwords of some of its users after new information has come to light about a security breach from March 2015. Any users who created their account before this date, who have not changed their passwords since, and who do not use single sign-on can expect to have their passwords reset by the company if it hasn’t happened already. Slack says that around one percent of its users fall into all three of these categories, which ZDNet reports amounts to around 65,000 users.

The company chose to reset the passwords after it learned that a collection of user email addresses and password combinations had been compromised. After an investigation, the company linked the credentials to a hack it suffered in 2015, when hackers were able to insert keylogging code into its software that was capable of reading users’ passwords as they entered them. The hackers also accessed a database of usernames and hashed passwords.

Slack says that it is notifying any affected users directly if it is resetting their passwords, and recommends that all users turn on two-factor authentication. If you’re worried you might be affected, you can download a complete log of your account as a CSV file by visiting this page on Slack’s website.
