Saturday, August 20, 2022
HomeCyber SecuritySlack Resets Passwords After a Bug Uncovered Hashed Passwords for Some Customers

Slack Resets Passwords After a Bug Uncovered Hashed Passwords for Some Customers


Slack stated it took the step of resetting passwords for about 0.5% of its customers after a flaw uncovered salted password hashes when creating or revoking shared invitation hyperlinks for workspaces.

“When a consumer carried out both of those actions, Slack transmitted a hashed model of their password to different workspace members,” the enterprise communication and collaboration platform stated in an alert on 4th August.

CyberSecurity

Hashing refers to a cryptographic method that transforms any type of knowledge right into a fixed-size output (referred to as a hash worth or just hash). Salting is designed so as to add an additional safety layer to the hashing course of to make it proof against brute-force makes an attempt.

The Salesforce-owned firm, which reported greater than 12 million day by day energetic customers in September 2019, did not reveal the precise hashing algorithm used to safeguard the passwords.

The bug is claimed to have impacted all customers who created or revoked shared invitation hyperlinks between 17 April 2017 and 17 July 2022, when it was alerted to the difficulty by an unnamed impartial safety researcher.

CyberSecurity

It is price declaring that the hashed passwords weren’t seen to any Slack shoppers, which means entry to the data necessitated energetic monitoring of the encrypted community site visitors originating from Slack’s servers.

“We’ve no motive to consider that anybody was in a position to get hold of plaintext passwords due to this problem,” Slack famous within the advisory. “Nevertheless, for the sake of warning, we’ve got reset affected customers’ Slack passwords.”

Moreover, the corporate is utilizing the incident to advise its customers to activate two-factor authentication as a way to guard in opposition to account takeover makes an attempt and create distinctive passwords for on-line companies.



RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Most Popular

Recent Comments