Fast-growing team-messaging software company Slack today disclosed that a database containing user information got hacked for a brief period last month.
This is the first time Slack has come forward about a hack it has endured. It’s notable because the company is taking on so many users so quickly.
Last year Slack dealt with a perceived security flaw: that it was possible to see the names of teams inside companies using Slack.
“Slack maintains a central user database which includes user names, email addresses, and one-way encrypted (‘hashed’) passwords,” Slack’s Anne Toth wrote in a blog post today. “In addition, this database contains information that users may have optionally added to their profiles, such as phone number and Skype ID.
“Information contained in this user database was accessible to the hackers during this incident.”
Slack has now turned on two-factor authentication for users. Toth encourages users to enable it and also pointed to a new feature called Password Kill Switch.
That feature “allows for both instantaneous team-wide resetting of passwords and forced termination of all user sessions for all team members (which means that everyone is signed out of your Slack team in all apps on all devices),” Toth wrote.
Slack is reported to be in the middle of raising a $160 million funding round at a post-money valuation of $2.76 billion.