Slack Resets Passwords After a Bug Exposed Hashed Passwords for Some Users
Slack said it reset passwords for about 0.5% of its users after a flaw exposed salted password hashes when users created or revoked shared invitation links for workspaces.
"When a user performed either of these actions, Slack transmitted a hashed version of their password to other workspace members," the enterprise communication and collaboration platform said in an alert on 4th August.
The Salesforce-owned company, which reported more than 12 million daily active users in September 2019, didn't reveal the exact hashing algorithm used to safeguard the passwords.
It's worth pointing out that the hashed passwords were not visible to any Slack clients, meaning access to the information necessitated active monitoring of the encrypted network traffic originating from Slack's servers.
"We have no reason to believe that anyone was able to obtain plaintext passwords because of this issue," Slack noted in the advisory.
The company is using the incident to advise its users to turn on two-factor authentication to protect against account takeover attempts and to create unique passwords for online services.
News URL
https://thehackernews.com/2022/08/slack-resets-passwords-after-bug.html