Pages: [1]   Go Down
  Print  
Author Topic: Slack launches two-factor authentication following unauthorized database access  (Read 644 times)
HCK
Global Moderator
Hero Member
*****
Posts: 79425



« on: March 28, 2015, 03:00:19 pm »

Slack launches two-factor authentication following unauthorized database access

<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"><p class="intro">Slack has enabled two-factor authorization for users, following unauthorized access to their database which stores user profile information.</p> <p>Slack had the database which stores user profile information accessed without authorization, and to ensure account security they have rolled out two-factor authorization for all accounts. A very small number of accounts were found to be affected by suspicious activity, and Slack has already reached out to those users.</p> <!--break--> <p>In addition to rolling out two-factor authorization, Slack has put a "Password Kill Switch" in place for team owners. The kill switch will allow team owners to force a termination of all sessions, and require all passwords to be reset with just one button.</p> <p>The new security measures show that Slack takes this all very serious. Slack did share some information about the attack:</p>
<ul><li>Slack maintains a central user database which includes user names, email addresses, and one-way encrypted ("hashed") passwords. In addition, this database contains information that users may have optionally added to their profiles such as phone number and Skype ID.</li> <li>Information contained in this user database was accessible to the hackers during this incident.</li> <li>We have no indication that the hackers were able to decrypt stored passwords, as Slack uses a one-way encryption technique called hashing.</li> <li>Slack's hashing function is bcrypt with a randomly generated salt per-password which makes it computationally infeasible that your password could be recreated from the hashed form.</li> <li>Our investigation, which remains ongoing, has revealed that this unauthorized access took place during a period of approximately 4 days in February.</li> <li>No financial or payment information was accessed or compromised in this attack.</li> </ul>
<p>Slack urges that users enable two-factor authorization on their account, and they have laid out very simple instructions of how to do so.</p> <p>Source: Slack</p> </div></div></div><img width='1' height='1' src='' border='0'/><br clear='all'/>

<a href="http://da.feedsportal.com/r/224850923334/u/49/f/616881/c/33998/s/44deeacf/sc/28/rc/1/rc.htm" rel="nofollow"><img src="http://da.feedsportal.com/r/224850923334/u/49/f/616881/c/33998/s/44deeacf/sc/28/rc/1/rc.img" border="0"/>[/url]
<a href="http://da.feedsportal.com/r/224850923334/u/49/f/616881/c/33998/s/44deeacf/sc/28/rc/2/rc.htm" rel="nofollow"><img src="http://da.feedsportal.com/r/224850923334/u/49/f/616881/c/33998/s/44deeacf/sc/28/rc/2/rc.img" border="0"/>[/url]
<a href="http://da.feedsportal.com/r/224850923334/u/49/f/616881/c/33998/s/44deeacf/sc/28/rc/3/rc.htm" rel="nofollow"><img src="http://da.feedsportal.com/r/224850923334/u/49/f/616881/c/33998/s/44deeacf/sc/28/rc/3/rc.img" border="0"/>[/url]

<img src="[url]http://da.feedsportal.com/r/224850923334/u/49/f/616881/c/33998/s/44deeacf/sc/28/a2.img" border="0"/>[/url]<img width="1" height="1" src="http://pi.feedsportal.com/r/224850923334/u/49/f/616881/c/33998/s/44deeacf/sc/28/a2t.img" border="0"/><img src="//feeds.feedburner.com/~r/TheIphoneBlog/~4/2pygNoMf0MA" height="1" width="1" alt=""/>

Source: Slack launches two-factor authentication following unauthorized database access
Logged
Pages: [1]   Go Up
  Print  
 
Jump to: