Slack leaked hashed passwords from its servers for years
2022-08-08 11:45

Did Slack send you a password reset link last week? The company has admitted to accidentally exposing the hashed passwords of workspace users.

Slack said only 0.5 percent of users were affected, which doesn't sound too terrible until you consider how many Slack users are out there.

Slack lays claim to over 169,000 paid customers and says "Millions of people around the world use Slack to connect their teams."

"We have no reason to believe that anyone was able to obtain plaintext passwords because of this issue," it insisted, but it has reset the passwords of affected users regardless.

The problem is that although the passwords were hashed and salted, and Slack noted that "It is practically infeasible for a password to be derived from the hash," extracting a password is still possible.

Miscreants are well versed in brute-force methods and it has been possible to harvest those passwords for years.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/08/08/slack_passwords/