Slack will reset the passwords of users it believes are affected by a historical data breach that affected the company more than four years ago.
In 2015, the company said it was hit by hackers who gained access to its user profile database, including their scrambled passwords. But the hackers inserted code that scraped the user’s plaintext password as it was entered by users at the time.
Slack said it was recently contacted through its bug bounty about a list of allegedly compromised Slack account passwords. The company believes the case may relate to the 2015 data breach incident.
Slack said the security incident does not apply to “the approximately 99% who joined Slack after March 2015” or those who changed their password since.
Accounts that require single sign-on through a company’s network are not affected.
The company also said it has no reason to believe accounts were compromised but provided no evidence for its claim.
Slack said 1% of accounts in 2015 were affected by the breach. An earlier report suggested that the figure may amount to 65,000 accounts. When reached, a Slack spokesperson would not comment further nor confirm the figure.
Slack recently debuted on the New York Stock Exchange, valuing the company at about $15.7 billion.