Slack resetting passwords for users impacted by 2015 breach

Written over 1 year ago by IanDorfman

Slack has announced that it is resetting passwords for around 1% of users due to newly unearthed information regarding a 2015 security breach that impacted the workplace collaboration service.

The breach was discovered via a tip sent to the company via its bug bounty program, with an immediate confirmation that "a portion" of the email and password combinations were valid and could be used by the attacker to log in to accounts that did not belong to them.

User accounts that meet all three of the following criteria will be subject to this password reset:

• Account was created your account before March 2015
• Account password has not been changed since March 2015
• Account does not require logging in via a single-sign-on (SSO) provider

The blog post that details these actions further described that the company has "no reason to believe that any of these accounts were compromised," but is resetting the passwords anyway due to feeling the value of precautionary measures being taken far outweighs any potential inconvenience caused to the 1% of total Slack users that were active at the time of this breach.

Steps to properly reset your Slack account password can be found via an article on Slack's official Help Center.

Further coverage:
The Official Slack Blog