Looks like the popular private chat room service Slack is tightening its belt. To ensure account security, Slack has enabled two-factor authorization for users, following unauthorized access to their database which stores user profile information. A very small number of accounts were found to be affected by suspicious activity, and Slack has already reached out to those users.
In addition to rolling out two-factor authorization, Slack has put a "Password Kill Switch" in place for team owners. The kill switch will allow team owners to force a termination of all sessions, and require all passwords to be reset with just one button.
The new security measures show that Slack takes this all very serious. Slack did share some information about the attack:
- Slack maintains a central user database which includes user names, email addresses, and one-way encrypted ("hashed") passwords. In addition, this database contains information that users may have optionally added to their profiles such as phone number and Skype ID.
- Information contained in this user database was accessible to the hackers during this incident.
- We have no indication that the hackers were able to decrypt stored passwords, as Slack uses a one-way encryption technique called hashing.
- Slack's hashing function is bcrypt with a randomly generated salt per-password which makes it computationally infeasible that your password could be recreated from the hashed form.
- Our investigation, which remains ongoing, has revealed that this unauthorized access took place during a period of approximately 4 days in February.
- No financial or payment information was accessed or compromised in this attack.
Slack urges that users enable two-factor authorization on their account, and they have laid out very simple instructions of how to do so.
Slack recently released their Windows app for desktop users and a Windows Phone app is due shortly as well.
Minecraft Dungeons: 10 things that we'd love to see improved
Minecraft Dungeons is a great game, but as we max out the game and hit full completion, there are a few things we think could easily be improved. Here are ten of them.
How Microsoft Teams changed my football team during the pandemic
The global health crisis caused my football team's practices and season to be canceled. To continue coaching, we switched to virtual classroom sessions using Microsoft Teams.
Twitter PWA picks up a simple tweet scheduler in latest update
Twitter's PWA is now showing a tweet scheduler, which was previously only in testing for some users. The feature has long been a part of TweetDeck, but it is now available to anyone using twitter.com or the Twitter progressive web apps, including from the Microsoft Store.
Make the most of your Surface Pen and Slim Pen with these awesome apps
To really maximize the ability of the Surface Pen and Slim Pen, there are some essential apps you should check out. We've rounded up the best right here for a variety of purposes.