The popular group chat tool Slack suffered a hack of its central database last month, the company admitted Friday, potentially compromising users’ profile information like log-on data, email addresses and phone numbers.
The database also holds any additional information users may have added to their profiles like their Skype IDs.
The passwords were encrypted using a hashing technique. There was no indication the hackers were able to decrypt the passwords, Slack Technologies said in a blog post. No financial or payment information was accessed or compromised, it said.
The unauthorized access took place over about four days in February. The company said it has made changes to its infrastructure to prevent future incidents.
Slack was contacting a “very small number” of individual users who had suspicious activity tied to their accounts, or whose messages may have been accessed. Slack did not say how many users it thinks may have been affected in this way. A company spokeswoman declined to comment further.
There’s been strong interest in Slack’s business chat app since it launched last year, and its user base now tops 500,000.
To beef up security, Slack added a two-factor authentication feature on Friday. If it’s enabled, users must enter a verification code in addition to their normal password whenever they sign in to Slack. The company recommends that all users turn it on.
Slack has also released a password kill-switch feature, to let team owners and administrators reset passwords for an entire team at once. Barring that, users can reset their passwords in their profile settings.