The group messaging provider Slack recently announced that a database storing user profile information, including user names, email addresses and hashed passwords, was breached during a four-day period in February 2015.
For those users who added optional information to their profiles, such as phone number and Skype ID, that data may also have been accessed.
“We have no indication that the hackers were able to decrypt stored passwords, as Slack uses a one-way encryption technique called hashing,” the company stated. “Slack’s hashing function is bcrypt with a randomly generated salt per-password which makes it computationally infeasible that your password could be recreated from the hashed form.”
In response, the company said, it has blocked the unauthorized access, “made additional changes to our technical infrastructure to prevent future incidents,” and enabled both two-factor authentication and a “password kill switch” allowing team owners to instantly terminate all team members’ user sessions and reset all team members’ passwords.
“Since the compromised system was first discovered, we have been working 24 hours a day to methodically examine, rebuild and test each component of our system to ensure it is safe,” Slack stated. “We are collaborating with outside experts to cross-check assumptions and ensure that we are meticulous in our approach. In addition we have notified law enforcement of this illegal intrusion.”
The investigation uncovered suspicious activity on “a very small number” of Slack accounts, and the company says it has contacted all those directly affected.
Caspida CEO Muddu Sudhakar told eSecurity Planet by email that he was impressed by Slack’s prompt response and implementation of two-factor authentication. “When hacks like Slack’s come to light, there’s a lot of emphasis on better hygiene approaches from the users — they should have created more robust passwords, not re-used the same password for multiple assets etc.,” he said. “However, what’s not being discussed and can be more impactful is taking more proactive stance on their cybersecurity.”
“The bad guys inevitably get through the perimeter, as Slack found, but having processes and systems in place to quickly highlight the issues and facilitate investigations will help reduce the rate of compromises,” Sudhakar added.
And Steve Hultquist, chief evangelist at RedSeal, said by email that the Slack breach clearly demonstrates that organizations need to use automation to improve security. “They must use a system to ensure that all of their security zones are correctly configured, that there are no ways around the security controls, and that all possible paths are monitored for unexpected activity — not just those that are used when everything is operating as expected,” he said.
“It is the exception that tends to open the doors, and analyzing what is possible is impossible without the automation to review everything and compute the probabilities,” Hultquist added. “It’s time to move from reactive defenses to proactive analysis.”