Slack's security breach may be worse than it's letting on

Slack CEO Stewart Butterfield

Earlier today the work-based chat application Slack revealed that its database was breached. The company, which is said to be worth something north of $2 billion, confirmed in a blog post that “there was unauthorized access to a Slack database storing user profile information.”

Security researchers are now looking into what went wrong and how the breach may affect users. While Slack assured customers that all its passwords were encrypted, don't breathe a sigh of relief.

“The company is emphasizing that the passwords are encrypted and salted, but that simply means they will take just a little longer to crack,” said Alex Heid, chief research officer at SecurityScorecard.

Once the passwords are cracked, explained Heid, the attackers can reuse the credentials against these users’ accounts elsewhere, on any online service such as Amazon, Netflix or Google. Those who are most at risk, said the researcher, are “people who have reused their same password for everything.”

Users should not only change their Slack passwords and enable two-factor authentication (as Slack recommended), but also do the same for most other online services.

Additionally, Slack users will likely see an uptick in phishing campaigns since their emails have been released. Users should be on the lookout for unsolicited attachments and illegal email campaigns, which could contain malware.

While Slack did respond promptly and inform all users about the issue, Heid said that its security posture “leaves a lot to be desired.” Beyond this specific breach, Slack appears to have a few questionable practices. For instance, the sub-domain of any company that uses Slack can be found via Google. This means that an attacker who wants to know which companies use Slack can simply perform a Google search. Heid checked this himself and was even able to dig up 'Activation Links' tied to specific user accounts.

As the researcher wrote in a follow-up email, “[Slack is] vulnerable by design, and I don’t think this will be the last we have heard of these issues.”
