Criminals had access to a central database of the American company Slack for four days in February. They may have stolen data from an unknown number of customers, Slack announced on Friday.
The customer data database contains usernames, email addresses and passwords, which are encrypted using the bcrypt algorithm. In addition, the database includes data that users have added to their account themselves. This concerns things like telephone numbers and Skype account names.
Slack says the attackers had access to the database for an estimated four days in February. The company is still investigating the case, but says there are no known signs that the criminals were able to decipher the encrypted passwords. No financial information was allegedly stolen.
The American company is only now disclosing the hack, because it first collaborated with experts to tighten security. For example, unknown traffic is blocked and the infrastructure has been overhauled. Government agencies have also been notified to investigate the criminal offences.
Slack advises all affected users to enable two-step verification, which it has now introduced accelerated. It also offers a ‘kill switch’ for administrators, so that they can immediately end all active sessions and reset all passwords. If you have urgent security questions, you can contact the company.
Slack’s communications service is particularly popular with businesses. The service combines tools such as Hangouts, iMessage, SMS, email and various small services. These are displayed bundled in one place, where employees can consult each other.