Slack Confirms App Was Hacked, But Don’t Worry, They’ve Got Your Back

Slack is a team communication tool that was launched in 2013 by Stewart Butterfield, co-founder of the popular picture-sharing site Flickr. The Slack software was first created by Butterfield’s company, Tiny Speck, for use within the company as it worked on the creation of their MMO (massively multiplayer online game) Glitch, but although the game itself is now defunct, the Slack software has become a must-have for businesses, with a reported 8,000 user signups within the first 24 hours of its launch, and 120,000 daily Slack users within its first week.

By October of 2014, a little over a year from its inital launch, Slack had already raised $120 million dollars in venture capital, and had a valuation of $1.2 billion, according to Google Ventures and Kleiner Perkins Caufield & Byers (yes, that Kleiner Perkins Caufield & Byers).

Despite Slack’s success, or perhaps because of it, Slack — which is essentially a form of the popular messaging application WhatsApp, only for businesses — has recently found itself with a bit of a hacker problem. According to a blog post on the Slack website posted on March 27, for about four days in February, hackers were able to access Slack’s central database which holds information such as usernames, encrypted passwords, email addresses, phone numbers, and Skype IDs.

“Information contained in this user database was accessible to the hackers during this incident. We have no indication that the hackers were able to decrypt stored passwords, as Slack uses a one-way encryption technique called hashing. As soon as the evidence was uncovered, we started communication with the affected teams.”

Slack’s vice president of policy and compliance strategy, Anne Toth, was also quick to mention in her blog post concerning the hacking that “No financial or payment information was accessed or compromised in this attack.”

In order to ensure the safety of the software in the future, Slack has decided to enable two factor authentication as part of its website and application security features. Two factor authentication, or 2FA as it is also known, will add an extra component to Slack’s verification process, thus making it more difficult for hackers to breach Slack’s website and application security systems. Slack’s 2FA will include the downloading and installing of an authentication application, such as Google Authenticator.

In addition to this, Slack will also be adding a “password kill switch” for team owners.

“Which allows for both instantaneous team-wide resetting of passwords and forced termination of all user sessions for all team members (which means that everyone is signed out of your Slack team in all apps on all devices).”

Despite the hack, the Slack team say they are committed to preventing any further breaches, and will continue to explore all safety avenues available to them.

“You can expect to hear more about new security initiatives and features in Slack and you can count on our commitment to the ongoing investment in and prioritization of Slack’s security.”

[Image Credit: Wall Street OTC]