HACKINTOSH.ORG | Macintosh discussion forums

Macintosh News => iPhone/iPod/iPad News => Topic started by: HCK on March 28, 2015, 03:00:19 pm



Title: Slack launches two-factor authentication following unauthorized database access
Post by: HCK on March 28, 2015, 03:00:19 pm

Slack has enabled two-factor authorization for users, following unauthorized access to their database which stores user profile information.

Slack (http://www.imore.com/tag/slack) had the database which stores user profile information accessed without authorization, and to ensure account security they have rolled out two-factor authorization for all accounts. A very small number of accounts were found to be affected by suspicious activity, and Slack has already reached out to those users.

In addition to rolling out two-factor authorization, Slack has put a "Password Kill Switch" in place for team owners. The kill switch will allow team owners to force a termination of all sessions, and require all passwords to be reset with just one button.

The new security measures show that Slack takes this all very seriously. Slack did share some information about the attack:

- Slack maintains a central user database which includes user names, email addresses, and one-way encrypted ("hashed") passwords. In addition, this database contains information that users may have optionally added to their profiles such as phone number and Skype ID.
- Information contained in this user database was accessible to the hackers during this incident.
- We have no indication that the hackers were able to decrypt stored passwords, as Slack uses a one-way encryption technique called hashing.
- Slack's hashing function is bcrypt with a randomly generated salt per-password which makes it computationally infeasible that your password could be recreated from the hashed form.
- Our investigation, which remains ongoing, has revealed that this unauthorized access took place during a period of approximately 4 days in February.
- No financial or payment information was accessed or compromised in this attack.

Slack urges that users enable two-factor authorization on their account, and they have laid out very simple instructions (https://slack.zendesk.com/hc/en-us/articles/204509068) of how to do so.

Source: Slack (http://slackhq.com/post/114696167740/march-2015-security-incident-and-launch-of-2fa)


Source: Slack launches two-factor authentication following unauthorized database access (http://feedproxy.google.com/~r/TheIphoneBlog/~3/2pygNoMf0MA/story01.htm)