[BreachExchange] Slack Initiates Mass Password Reset

[Destry Winant]

https://threatpost.com/slack-password-reset/146545/

More victims of a 2015 credential-harvesting incident have come to light.

Popular workspace collaboration platform Slack is in the middle of
asking tens of thousands of users to reset their passwords after a
security breach.

The move is actually in response to new information that has come to
light regarding a 2015 compromise, when hackers infiltrated Slack’s
networks to gain access to databases containing user credentials
including hashed passwords. They also planted password-scraping
malware to capture login information in plaintext when users signed
in.

While Slack implemented two-factor authentication and a password reset
for those affected at the time, a new crop of people that were
impacted by the event has come to light after a new batch of stolen
credentials was reported via the company’s bug-bounty program.

“We immediately confirmed that a portion of the email addresses and
password combinations were valid, reset those passwords, and explained
our actions to the affected users,” Slack said in a message on its
website.

However, the company thought the issue stemmed from the rampant
practice of password reuse, until closer inspection showed the trove
to be a previously unknown group of accounts that were compromised in
the 2015 incident.

“These types of reports are fairly routine and usually the result of
malware or password re-use between services,” according to a website
notice. “However, as more information became available and our
investigation continued, we determined that the majority of
compromised credentials were from accounts that logged in to Slack
during the 2015 security incident.”

Slack said that it has decided to reset passwords for all users who
were active at the time of the 2015 breach; those who have changed
their password since then and those who log in via single-sign-on
(SSO) platforms are excepted. In total, about 100,000 users are
affected.