WIRED

Slack’s and Teams’ Lax App Security Raises Alarms

By Andy Greenberg — September 23^rd 2022 at 16:52

New research shows how third-party apps could be exploited to infiltrate these sensitive workplace tools.

Naked Security

Slack admits to leaking hashed passwords for five years

By Paul Ducklin — August 8^th 2022 at 15:14

"When those invitations went out... somehow, your password hash went out with them."

The Hacker News

Slack Resets Passwords After a Bug Exposed Hashed Passwords for Some Users

By Ravie Lakshmanan — August 6^th 2022 at 08:44

Slack said it took the step of resetting passwords for about 0.5% of its users after a flaw exposed salted password hashes when creating or revoking shared invitation links for workspaces. "When a user performed either of these actions, Slack transmitted a hashed version of their password to other workspace members," the enterprise communication and collaboration platform said in an alert on 4th

WIRED

A Slack Bug Exposed Some Users’ Hashed Passwords for 5 Years

By Lily Hay Newman — August 5^th 2022 at 22:09

The exposure of cryptographically scrambled passwords isn’t a worst-case scenario—but it isn’t great, either.

FreshRSS

Slack’s and Teams’ Lax App Security Raises Alarms

Slack admits to leaking hashed passwords for five years

Slack Resets Passwords After a Bug Exposed Hashed Passwords for Some Users

A Slack Bug Exposed Some Users’ Hashed Passwords for 5 Years