Slack is an excellent communication and collaboration tool. In a short span of time, it amassed more than 10 million monthly active users and is now the de facto communication app for most workspaces. But a security researcher discovered a vulnerability in Slack on 17 July 2022. Slack immediately took action and fixed the bug on the same day.
Slack also sent out emails to its users informing them about the now-fixed bug in the app. If you received an email from Slack, it's time to reset your Slack password.
What was the Slack bug?
As per the Slack email, the bug existed in the Slack invite link feature. Whenever a user created or revoked an invite link, all the existing users in the Slack workspace would receive the hashed password of the user who created the invite link.
However, no one in the Slack workspace would be able to see the passwords. The hashed password would only be visible to someone intercepting the network traffic.
Slack assured users that the passwords sent were not plain-text passwords. They were hashed, and a hash is very difficult to reverse. Moreover, Slack salts passwords to make them even more secure, so they won't be easy to recover, even by brute force.
That is reassuring to hear, but from a security standpoint, even a minor flaw like this can compromise a lot of Slack accounts. According to a report by Wired, the bug affected only 0.5% of the total Slack users, which is still a huge number when you consider how many people use Slack every month.
So, Slack fixed the vulnerability and reset the passwords of affected users. You can check your email inbox for a message from Slack. If you did receive the email, you will have to change your password to access Slack. It is a painless process, but if you find creating new passwords tedious, you can use a password manager.
A password manager will suggest random passwords that are hard to crack, even with brute force. Slack also advises using two-factor authentication to add a layer of security to your Slack account.