Having received a batch of compromised credentials related to the company’s 2015 security breach via its bug bounty program, Slack has reset the passwords for nearly 1% of its users who it believed were impacted (via ZDNet). In total, Slack says it would end up resetting passwords for roughly 100,000 accounts.
“We immediately confirmed that a portion of the email addresses and password combinations were valid, reset those passwords, and explained our actions to the affected users,” Slack explained on its website.
Although the batch of compromised credentials included 65,000 passwords, Slack has decided to reset passwords for all users who were active at the time of the 2015 breach:
Slack said this batch of credentials came via its bug bounty program. The company said it initially believed the data came from users who had their PCs infected with malware, or users who reused passwords across different services.
“However, as more information became available and our investigation continued, we determined that the majority of compromised credentials were from accounts that logged in to Slack during the 2015 security incident,” Slack said.
At the same time, Slack has also assured its users that while it had “no reason to believe that any of these accounts were compromised,” it had only taken the step as a precaution.