Slack, a team communication tool, has suffered suffered a security breach on its central user database, potentially leaving user's login credentials in the hands of hackers.
Slack was launched in 2013 and its android application has been downloaded by more than 100,000 users so far(according to Google Play store).
The company confirmed the breach in a company blog post. The unauthorized access took place for about 4 days in February.
The database accessed by the intruders included usernames, email IDs, and passwords(hashed). It also contained optional data added by users such as phone numbers, Skype IDs.
On the bright side, Slack didn't store the passwords in a plain-text format. The passwords have been hashed with a bcrypt and a randomly generated salt. It does not mean this will thwart hackers from accessing your account, it will just slow down the process and give you a time to take action. And, NO Financial or payment data compromised in this attack.
In the wake of security breach, the company strengths its security for the authentication. One of them is "2 step authentication" - a verification code in addition to your normal password whenever you sign in to Slack. Let's hope the company also fixes any other vulnerabilities in their website.