Slack is resetting passwords due to 2015 hack

Slack app on phone

The work messaging platform is still dealing with fallout from a 2015 security incident.

Chesnot / Getty Images

If you’re a long time Slack users, you might get a notification today that your password needs to be reset. The work messaging app said Thursday that it’s resetting passwords for approximately 1% of Slack accounts due to the 2015 security incident.

Slack said its resetting passwords for all accounts that were active at the time of a 2015 incident, except those that have already changed their passwords since March 2015 and accounts that use a single sign on service, like Okta or OneLogin. Roughly 65,000 accounts are getting reset, according to ZDNet.

“We have no reason to believe that any of these accounts were compromised,” Slack said in a blog post, “but we believe that this precaution is worth any inconvenience the reset may cause.”

Back in 2015, hackers gained access to a Slack database that stored user profile information, including usernames and encrypted passwords, according to the company. The attackers also apparently inserted code into Slack that “allowed them to capture plaintext passwords as they were entered by users at the time.” Slack notified impacted users at the time but said it recently was contacted about “potentially compromised Slack credentials” that it determined to be accounts logged in during the 2015 security incident.

In its post about the incident, Slack also encouraged users to set up two-factor authentication, keep computer software up to date and use a password manager. 

Originally published July 18, 7:42 a.m. PT.
Update, 8:20 a.m.: Adds more information about the 2015 security incident.