In a statement on their corporate blog, Slack said, the database contained usernames, email addresses, hashed passwords and information users could connect to their account like Skype names. But they also mentioned that they didn’t find any evidence that the hackers were able to decrypt user passwords. Slack also confirmed that they have blocked the unauthorized access. In the same blog they also confirmed that they are also launching a two-factor authentication option for its users, where users will be required to enter a one-time password that is sent to their phone, along with the usual login credentials. They also had confirmed that there will be a ‘kill switch’ for administrators that will allow them to log out all users of a Slack installation and reset the users’ passwords.
According to their statement the database was hacked over a period of four days in February. The news came after new investors agreed to give the company $ 160 million in additional venture funding. According to the market experts the company had a sharp rise after the application was launched a year ago. According to the company statistics half a million users uses the app every day. The company said, they are doing everything they can to solve problem.
In a statement Slack Vice President, Anne Toth said, “We are very aware that our service is essential to many teams. Earning your trust through the operation of a secure service will always be our highest priority. We deeply regret this incident and apologize to you, and to everyone who relies on Slack, for the inconvenience.”
But the company didn’t make it clear when the company found out about the breach and if the new investors were informed about the breach before the investment was agreed. When asked Slack spokesperson Rebecca Reeve declined to comment on the issue of investor notification before the investment.
In a statement on their website the company said, “Since the compromised system was first discovered, we have been working 24 hours a day to methodically examine, rebuild and test each component of our system to ensure it is safe.” But the statement didn’t mention any date on which the breach was discovered.