Text messaging startup Slack is the latest startup technology to fall victim of a security breach according to an official communication. The company is reported to have been hacked for four days in February, although there is no indication that the hackers walked away with user’s password.
The company has responded with speed by revamping security measures to prevent a future re-occurrence or unexpected unauthorized access. The security breach is a major blow for Slack, having grown to become widely popular with corporate clients. Information stored in the database that hackers might have accessed include user names and email addresses.
Slack has affirmed that financial information stored on the company’s servers was not in any way accessed during the cyber-attack. However, there are concerns that hackers might have gained access to chat archives from companies that use the service, considering most of this chat records are never encrypted. Message archives are never encrypted as searching through old chats remains a key component of Slack and offering such a service would be an impossible feat.
However, slack has confirmed that no message archive database or sensitive information was breached by the cyber-attack. A two-step authentication process has since been enabled to avert users concerns about further breaches.
Users have been encouraged to switch to the new feature on their Slack Web profiles. Slack also acknowledges that it detected some suspicious activities in some of the accounts, even though, the passwords were encrypted well enough.
A Password Kill Switch that allows for the resetting of passwords and forces the logout of users in team messaging has also been enabled. Some of the security measures initiated were initially available according to the company but have now been moved up seeing the breach. The company is also carrying out further tests of the current security components to prevent further access to unauthorized content