Hack Notice

Hack Notice: Slack

Slack

Source
https://slackhq.com/march-2015-security-incident-and-the-launch-of-two-factor-authentication
Description
We were recently able to confirm that there was unauthorized access to a Slack database storing user profile information. We have since blocked this unauthorized access and made additional changes to our technical infrastructure to prevent future incidents. We have also released two factor authentication and we strongly encourage all users to enable this security feature.

We are very aware that our service is essential to many teams. Earning your trust through the operation of a secure service will always be our highest priority. We deeply regret this incident and apologize to you, and to everyone who relies on Slack, for the inconvenience.

Here is some specific info we can share about this incident:

Slack maintains a central user database which includes user names, email addresses, and one-way encrypted (hashed) passwords. In addition, this database contains information that users may have optionally added to their profiles such as phone number and Skype ID.

Information contained in this user database was accessible to the hackers during this incident.

We have no indication that the hackers were able to decrypt stored passwords, as Slack uses a one-way encryption technique called hashing. Slack's hashing function is bcrypt with a randomly generated salt per-password which makes it computationally infeasible that your password could be recreated from the hashed form.

Our investigation, which remains ongoing, has revealed that this unauthorized access took place during a period of approximately 4 days in February.

As soon as the evidence was uncovered, we started communication with the affected teams. The announcement was made as soon as we could confirm the details and as fast as we could type.

No financial or payment info was accessed or compromised in this attack.

Since the compromised system was first discovered, we have been working 24 hours a day to methodically examine, rebuild and test each component of our system to ensure it is safe. We are collaborating with outside experts to cross-check assumptions and ensure that we are meticulous in our approach. In addition we have notified law enforcement of this illegal intrusion.

As part of our investigation we detected suspicious activity affecting a very small number of Slack accounts. We have notified the individual users and team owners who we believe were impacted and are sharing details with their security teams. Unless you have been contacted by us directly about a password reset or been advised of suspicious activity in your team's account, all the information you need is in this blog post.

We are committed to continual improvement of both internal security practices and development of features that help you take control of your own and your team's security on Slack. In addition to the recent changes to our infrastructure, we have also just released two new features you should know about:

Two Factor Authentication (2FA; also known as two step verification), which is now available for all users/teams. Detailed instructions are available on our help site and if you are signed in, you can set it up right now on your team site. We strongly recommend that everyone utilize 2FA, both on Slack and everywhere else it is available.

A Password Kill Switch for team owners, which allows for both instantaneous team-wide resetting of passwords and forced ending of all user sessions for all team members (which means that everyone is signed out of your Slack team in all apps on all devices). Team owners can find this option under the Authentication tab of your team settings.

For more on our security practices and policies, check https://slack.com/security. Should you have any questions, see our FAQ below or contact us at security@slack.com.

Again, our most sincere apologies. We are making every effort to prevent any similar occurrence in the future.

About HackNotice and Slack

HackNotice is a service that notices trends and patterns in publicly available data so as to identify possible data breaches, leaks, hacks, and other data incidents on behalf of our clients. HackNotice monitors data streams related to breaches, leaks, and hacks, and Slack was reported by one of those streams. HackNotice may also have the breach date, hack date, the hacker responsible, the hacked industry, the hacked location, and any other parts of the hack, breach, or leak that HackNotice can report on for the consumers of our product.

If you are a user of Slack's products, services, websites, or applications and you were a client of HackNotice monitoring for Slack, you may have been alerted to this report about Slack. HackNotice is a service that provides data, information, and monitoring that helps our clients recover from and remediate data breaches, hacks, and leaks of their personal information. HackNotice provides a service that helps our clients know what to do about a hack, breach, or leak of their information.

If Slack had a breach of consumer data or a data leak, then there may be additional actions that our clients should take to protect their digital identity. Data breaches, hacks, and leaks often lead to and cause identity theft, account takeovers, ransomware, spyware, extortion, and malware. Account takeovers are often caused by credential reuse, password reuse, and easily guessed passwords, and are facilitated by the sharing of billions of credentials and other customer information through data leaks, as the direct result of data breaches and hacks.

HackNotice monitors trends in publicly available data that indicate tens of thousands of data breaches each year, along with billions of records from data leaks each year. On behalf of our clients, HackNotice works to monitor for hacks that lead to lower client security and digital identities that have been exposed and should be considered vulnerable to attack. HackNotice works with clients to identify the extent to which digital identities have been exposed and provides remediation suggestions for how to handle each type of exposure.

HackNotice monitors the hacker community, which is a network of individuals that share data breaches, hacks, leaks, malware, spyware, ransomware, and many other tools that are often used for financial fraud, account takeovers, and further breaches and hacks. HackNotice monitors the hacker community specifically for breaches, hacks, and data leaks that hurt consumers. HackNotice applies industry-specific knowledge and advanced security practices to monitor for trends that indicate breaches, hacks, and exposed digital identities.

HackNotice also enables clients to share hack notices with their friends, family, and colleagues to help increase awareness around alleged hacks, breaches, or data leaks. HackNotice works to provide clients with sharable reports to help increase the security of our clients' personal networks. The security of the people that our clients interact with directly impacts the level of security of our clients. Increased exposure to accounts that have been taken over by hackers leads to further account takeovers through phishing, malware, and other attack techniques.

If you found this hack notice to be helpful, then you may be interested in reading some additional hack notices such as:

Northwestel

Indiana State Medical Association

Rogers Communications