back to article Slack leaked hashed passwords from its servers for years

Did Slack send you a password reset link last week? The company has admitted to accidentally exposing the hashed passwords of workspace users. The issue occurred when a user created or revoked a shared invitation link for their workspace. The good news is that the password wasn't plaintext, and it wasn't visible in any Slack …

  1. Korev Silver badge
    Coat

    Slack lays claim to over 169,000 paid customers and says "millions of people around the world use Slack to connect their teams."

    No Teams, is Microsoft's rival...

  2. OldCrow 1975

    Only .5% of users affected.

    Where else have I heard that number before.

    Oh yes Twitter pertaining to bots. I wonder if there is a relationship between the two.

    1. Ben Tasker

      Re: Only .5% of users affected.

      That was 5 percent, this number is a tenth of that

      1. This post has been deleted by its author

        1. Anonymous Coward
          Anonymous Coward

          Re: Only .5% of users affected.

          Normally .5 would be rounded to 1.

          The only relation between 5 and 0.5 is that they both have a 5 in them. Would you be suggesting a correlation if one of them said 9.5?

        2. Dante Alighieri
          Headmaster

          Rounding for effect

          Well in that case, obligatory.

  3. Anonymous Coward
    Anonymous Coward

    A spokesperson commented that "the problem was a result in a simple misunderstanding of the role of the slack security team"

  4. Locky
    WTF?

    Dónde está Paris?

    Slack, a tool promoted by Marketing departments for years because "it bypasses all those pesky IT rules and just works", is insecure?

    I am shocked

    1. steviebuk Silver badge

      Re: Dónde está Paris?

      Until they realised they had to pay for parts of it and all that chat history? Yeah you have to pay for that as well. So where I was it got abandoned :)

  5. Pirate Dave Silver badge
    Pirate

    "...it is safe to assume Slack has 10 million or more daily active users..."

    "Slack lays claim to over 169,000 paid customers..."

    I gotta think that at some point, the paying customers are going to get tired of subsidizing the Slack slackers...

  6. Anonymous Coward
    Anonymous Coward

    Wait, did I read that right?

    A company discovering, on its own, quietly, that they had a security hole, actually patched it. Then figured out who could potentially have been impacted, and notified them. And voluntarily made all this public. And it turns out they were using salted hashes anyway, so that good practice makes it even harder to exploit? I'm impressed.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like