On Friday, the business communication app Slack experienced hacker attacks on its central user database, resulting in a possible breach of user data.Slack announced on its corporate blog that it was hacked over the course of four days in February, and that some number of users’ data was compromised.
That data included email addresses, usernames, encrypted passwords, and, in some cases, phone numbers and Skype IDs that users had associated with their accounts.
The company claims that its passwords were sufficiently scrambled to be unreadable to hackers, but it also admits that it detected “suspicious activity” on a “small number” of Slack user accounts, implying that users’ communications were in at least some cases fully accessed by the intruders.
The attacks occurred for about four days in February.
“When a company reaches a certain size or notoriety, it’s going to get hacked,” said Tripp Jones, a general partner at venture capital firm August Capital. “Unfortunately, until someone comes up with a better way, the battle has shifted to identification, containment and damage mitigation.”
Twitch also said it encrypted passwords, but warned that hackers might have been able to capture passwords in the clear as users were logging on.
Twitch had a different experience. After resetting users passwords, Twitch initially introduced longer password character requirements, but had to dial back its new 20-character password length requirement to 8 characters after users complained.
