The business communication platform Slack confirmed a data breach which left users vulnerable - with usernames, email addresses, passwords, phone numbers, Skype logins, and other information compromised.
It's unknown if the cybercriminals actually decrypted any of the passwords, with no payment information accessed. "We are very aware that our service is essential to many teams," Slack said in a blog post. "We deeply regret this incident and apologize to you, and to everyone who relies on Slack, for the inconvenience."
Slack has added two-factor authentication today, and users will need to enter a verification code along with their traditional password. It's recommended all users begin using it immediately.
"Hat's off to the Slack team for apparently responding promptly and putting two-factor authentication in place," said Muddu Sudhakar, CEO of the Caspida cybersecurity firm. "When hacks like Slack's come to light, there's a lot of emphasis on better hygiene approaches from the users - they should have created more robust passwords, not reused the same password for multiple assets, etc. However, what's not being discussed and can be more impactful is taking more proactive stance on their cybersecurity."