Hackers targeted one of Sand Hill Road's billion-dollar darlings, the corporate chatroom app Slack. According to the startup, hackers broke into the company's central database and stole names, passwords, and email addresses over a four-day period in February.
In a blog post, Slack vice president Anne Toth wrote that there is no longer anything for users to worry about. The company says it has patched the data breach and added a two-factor authentication feature and a password kill switch to shore up users' accounts. The good news, Slack says, is that no financial information was lost, and it does not appear the hackers decrypted the exposed passwords.
"We are very aware that our service is essential to many teams. Earning your trust through the operation of a secure service will always be our highest priority. We deeply regret this incident and apologize to you, and to everyone who relies on Slack, for the inconvenience," Toth wrote.
Slack, which was founded by Flickr co-founder Stewart Butterfield, has doubled in value over the last five months. When it closes a reported $160 million funding round from Index Ventures, Horizons Ventures, Institutional Venture Partners, and DST Global, the company will have a $2.8 billion valuation, making it one of the most valuable venture capital-backed businesses in the world.
Slack's customers span the tech, financial, and health care worlds, giving the hack bigger-than-Sony potential if hackers had been able to steal users' financial information and chat data. With half a million daily users, hundreds of companies are using the fast-and-casual Slack chatrooms to share information, plans, and most likely, off-color gossip.
This wasn't Slack's first security issue. In October 2014, a bug in the company's software revealed chat room lists for the organizations using the app. As with any company that stores user information on a central database, the danger of hackers accessing that database is always looming. One thing Slack should think about is decentralizing user information by letting user information live on a user's device.
If your company uses Slack, make sure to enable its new two-factor authentication feature.