The email from Slack to reset passwords is legit

Emails sent to a number of Slack users about their account password being reset are genuine. The work communications app's developers reset the passwords after the discovery of a security-related bug in the tool.

Some Slack users were greeted on Monday by a notification that their account password was reset. While normally such emails are used for phishing attempts by online criminals, this time it's a legitimate communication from Slack itself.

According to a company blog post, Slack notified approximately 0.5% of its user base that it had reset their passwords on August 4 in response to a bug. The passwords were reset "for the sake of caution," and users were required to set a new password for the account.

The reset follows a bug discovered by a security researcher and disclosed to Slack on July 17. When users created or revoked a shared invitation link for their workspace, Slack sent a hashed version of the user's password to other workspace users.

Slack is confident that no users were negatively affected by the bug, as the hashed password wasn't visible in the Slack client itself, and required active monitoring of encrypted network traffic to pick up. Slack also doesn't believe that anyone was able to get plaintext passwords due to the issue, but reset the relevant passwords as a precautionary measure.

According to Slack, all users who created or revoked the shared invitation link between April 17, 2017 and July 17, 2022 were potentially affected.

Slack advises concerned users to review the personal access logs for their account, set up two-factor authentication, and use a password manager capable of creating unique per-service passwords.
