Specialists believe that even though Slack followed the required protocols to keep client passwords safe, a more severe hack is still possible later on.
SecurityScorecard chief examination officer Alex Heid cautioned:
“The company is emphasizing that the passwords are encrypted and salted, but that simply means they will take just a little longer to crack.”
He also advised that once passwords are cracked, cyber criminals can use clients' data to get into their other accounts, including those on top websites like Google, Amazon, and so on. Heid warned that individuals who use the same password for everything are the most susceptible to future hacks.
Furthermore, Heid told Business Insider in an email that Slack's security procedures are far from perfect and that the organization has some debatable practices. One example is the way the sub-domain of a company that uses Slack can be discovered through Google; this would enable hackers to use Google's search option to figure out whether an organization uses Slack or not.
At the end of the week the business communication app acknowledged the hack in a blog entry:
“We were recently able to confirm that there was unauthorized access to a Slack database storing user profile information. We have since blocked this unauthorized access and made additional changes to our technical infrastructure to prevent future incidents.”
In the interim, Slack has urged clients to change their passwords and enable two-factor authentication, but it looks like these safeguards will have to be applied to other online accounts as well.
As per the blog entry, there were four breaches in February. The organization declared that hackers stole private information from more than 500,000 clients, including email addresses, Skype IDs, phone numbers and other data stored in the Slack database. Anne Toth, the VP of Slack, discussed how the digital assault occurred. It appears that within the aforementioned four days, hackers broke into the Slack database which contained client data.