Slack, a chat room service that has been gaining in popularity over the past few months and was valued at a whopping $2.8 billion, has been hacked.
The hack may have left a massive 500,000 users' information vulnerable, including email addresses, phone numbers, Skype IDs and anything else that the user may have added to their profiles.
"We were recently able to confirm that there was unauthorized access to a Slack database storing user profile information," said Slack Technologies in a blog post. "We have since blocked this unauthorized access and made additional changes to our technical infrastructure to prevent future incidents. We have also released two-factor authentication and we strongly encourage all users to enable this security feature."
The hack reportedly happened over around four days in February this year, and the company did not notify users until it posted its blog post on Friday, March 27. The company also notified specific users whose information may have been compromised.
While it is certainly not the best that Slack has been hacked and that users' information has been put at risk, it is certainly commendable that the company has introduced new security features and steps to help protect information in the future.
"This further highlights the need for all organizations - both startups and established companies - to invest in post-infection software that can quickly identify security breaches and prevent valuable data theft," said Paul Martini, CEO of iBoss, a cybersecurity provider.
According to Slack, it had been developing two-factor authentication in the weeks leading up to the hack, but it decided on an early launch in light of what happened. Not only that, but the team has reportedly been working around the clock to examine and rebuild its system in order to ensure that it is safe and secure from now on.
"We are collaborating with outside experts to cross-check assumptions and ensure that we are meticulous in our approach," stated the company. "In addition we have notified law enforcement of this illegal intrusion."
Slack has been criticized for its security practices in the past. In October 2014, the company made headlines for leaving chat room names open to anyone. The flaw left secret departments from the likes of Apple, Google and Facebook exposed. While Slack at first denied that the design flaw was a bug, it later clarified its policy to ensure that it would not face any issues from the flaw afterwards.
Photo: Sebastien Wiertz | Flickr