Tech Start-Up Slack Technologies Hacked
Company Rolls Out Two-Factor Authentication Post-Attack
Slack Technologies, a tech start-up that offers a group chat tool, announced March 27 that it's rolling out two-factor authentication after hackers breached a database of user profile information. The company did not reveal how many of its users may have been affected by the February incident.
The database included user names, email addresses and one-way encrypted, or "hashed," passwords, Ann Toth, the company's vice president of policy and compliance strategy, says in a blog. "In addition, this database contains information that users may have optionally added to their profiles, such as phone number and Skype ID."
No financial or payment information was accessed or compromised in this attack, Toth says. "We have no indication that the hackers were able to decrypt stored passwords. ..."
During its investigation, the company detected "suspicious activity affecting a very small number of Slack accounts," according to the blog. Toth says the company has notified the individual users and team owners it believes were impacted and is sharing details with their security teams.
Actions After the Breach
After the company discovered the cyber-attack, it "blocked this unauthorized access and made additional changes to our technical infrastructure to prevent future incidents," Toth says in the blog. "We have also released two-factor authentication and we strongly encourage all users to enable this security feature."
Slack has also released a "password kill switch for team owners," Toth says. "This allows for both instantaneous team-wide resetting of passwords and forced termination of all user sessions for all team members. This means that everyone is signed out of your Slack team in all apps on all devices."
Slack's investigation, which is ongoing, revealed that the unauthorized access took place during a period of approximately four days in February, according to the blog. "As soon as the evidence was uncovered, we started communication with the affected teams. The announcement was made as soon as we could confirm the details."
Since the compromised system was first discovered, Toth says, "we have been working 24 hours a day to methodically examine, rebuild and test each component of our system to ensure it is safe. We are collaborating with outside experts to cross-check assumptions and ensure that we are meticulous in our approach. In addition we have notified law enforcement of this illegal intrusion."
In a statement to Information Security Media Group, a Slack spokeswoman says, "We cannot comment beyond details in the blog post about any other unauthorized activity that may have affected individual accounts. We have been in direct communication with a very small number of individual account holders and team owners, but will not be commenting publicly about these accounts. We can confirm that there was no access to databases containing message archives or other similar sensitive team data as part of this incident."