
Slack data breach: Company resets thousands of passwords

The Slack data breach took place in 2015, but the company became aware of the incident recently through its bug bounty program.

Slack has suffered a data breach in which thousands of users have been affected. As a result, the company is resetting the passwords of thousands of impacted users.
The data breach took place back in 2015, but the company only recently became aware of the incident, in which unknown hackers managed to steal a database containing profile-related information of Slack users, including usernames, email addresses, and encrypted passwords.
However, the hackers also inserted malicious code to extract plaintext passwords as users entered them at the time of the breach.
Slack further revealed that it became aware of the data breach through its bug bounty program after someone contacted the company with a list of its users’ emails and passwords. Slack claims that the list belongs to the 2015 data breach.
In a security notice, Slack acknowledged the breach and stated that only a handful of users were impacted. This includes those who created their account before March 2015, those who have not changed their passwords since, and those who do not use single sign-on.
Slack further maintains that the data breach does not apply to “the approximately 99 percent who joined Slack after March 2015” or those who have changed their password since the incident.
“We are resetting passwords for approximately 1% of Slack accounts […] In other words, if you’re one of the approximately 99% who joined Slack after March 2015 or changed your password since then, this announcement does not apply to you,” wrote the Slack team.
On the other hand, another report claims that in total 65,000 Slack users have been affected by the data breach.
Slack has millions of users worldwide, which makes it a lucrative target for cybercriminals. Any attack on the company’s cyberinfrastructure is a big concern. Therefore, for your account security, if you have a Slack account, change its password even if you are not impacted by the breach.
“We have no reason to believe that any of these accounts were compromised, but we believe that this precaution is worth any inconvenience the reset may cause,” the Slack team added. “However, we do recognize that this is inconvenient for affected users, and we apologize.”
This, however, is not the first time Slack has made headlines for all the wrong reasons. Earlier in March this year, a new backdoor malware called “Slab” was found targeting the Slack and GitHub platforms.
