I just got a Slack message from my editor that the 2015 Slack password breach is back in the news. The real question is: Was that really my editor or just someone who breached his password in 2015 and is masquerading as him? There was a winky emoji, so it was most likely him.
Some four years after Slack suffered a data breach, the company has decided to reset the passwords of users it believes were affected. This issue only applies to people who created Slack accounts before March 2015 and then never changed their passwords and don’t have to access Slack through their office’s single-sign-on (SSO) provider. Basically, according to Slack, this doesn’t impact “the approximately 99% who joined Slack after March 2015.” We have stumbled on the one time it pays not to be in the 1%.
The breach happened back in 2015, when hackers gained access to the messaging app’s user profile database, including passwords. A bug bounty hunter reportedly contacted Slack recently about a list of allegedly compromised Slack account passwords, which are believed to stem from the 2015 hack. So to make sure that the 1% of Slack users who have had the same password since 2015 aren’t compromised, Slack is changing their passwords for them.
The company said it has no reason to believe accounts were compromised, but in the words of my eighth-grade geometry teacher, they didn’t show their work. This is a good reminder, though: Change your passwords frequently. Here’s a list of what not to choose.