0 %

Slack Resets Passwords After a Bug Exposed Hashed Passwords for Some Users

August 6, 2022
Slack Password Reset

Slack stated it took the action of resetting passwords for around 0.5% of its customers after an imperfection revealed salty password hashes when producing or withdrawing common invite web links for offices.

” When an individual done either of these activities, Slack sent a hashed variation of their password to various other work area participants,” the venture interaction as well as partnership system said in a sharp on fourth August.


Hashing describes a cryptographic strategy that changes any type of kind of information right into a fixed-size result (called a hash worth or just hash). Salting is made to include an additional protection layer to the hashing procedure to make it immune to brute-force efforts.

The Salesforce-owned business, which reported greater than 12 million daily active users in September 2019, really did not disclose the specific hashing algorithm made use of to secure the passwords.

The insect is stated to have actually affected all customers that developed or withdrawed common invite web links in between 17 April 2017 as well as 17 July 2022, when it looked out to the concern by an unrevealed independent protection scientist.


It deserves explaining that the hashed passwords were not noticeable to any type of Slack customers, implying accessibility to the details required energetic tracking of the encrypted network web traffic stemming from Slack’s web servers.

” We have no factor to think that any individual had the ability to acquire plaintext passwords as a result of this concern,” Slack kept in mind in the advisory. “Nevertheless, for care, we have reset damaged customers’ Slack passwords.”

In addition, the business is utilizing the event to recommend its customers to activate two-factor verification as a way to safeguard versus account requisition efforts as well as develop special passwords for on-line solutions.

Posted in SecurityTags:
Write a comment