If you are among the 10 million people who use the Slack messaging and communication platform at work, you may have to change your password now because of a hack of the Slack platform that occurred four years ago.
San Francisco-based Slack, the company behind the popular messaging service used by thousands of businesses, said that about 100,000 users, or 1% of its user base, was still potentially at risk due to a breach that took place in March 2015, and will have create new passwords to ensure their accounts are secure.
The company said it has begun sending password-change notices to a specific type of user whose account could still be at risk. Slack said that only those accounts that were created prior to March 2015, have not changed their password since, and don’t require logging in with a single sign-on provider will need to change their passwords.
Slack said late Thursday that it received new information from its bug bounty program about the accounts that were still potentially compromised by the 2015 breach.
The company said that four years ago, hackers found a way to put a piece of code onto Slack passwords as people logged in, and which gave the hackers the ability to potentially access users’ accounts. Slack said that when it originally learned of that breach, it moved to block the unauthorized access, and reset passwords for what it called “a small number” of users it confirmed had affected at that time.
Slack added that it has neither detected any network breaches since the 2015 incident, nor has it received evidence that any of the accounts still potentially at risk had yet been compromised.