Slack is rapidly gaining popularity for teams who want to chat with each other's members across the globe, but the app was reportedly hacked sometime in February, putting more than 500,000 daily active user accounts at risk.
The app's data base were compromised to hackers for about four days. However, Slack said that the hack was already patched and they are now implementing two-factor authentication to further boost its users' security.
Anne Toth, the head of Policy and Compliance at Slack, said that the central user database contains encrypted passwords, emails, usernames and other profile info that people add to their account such as Skype IDs and phone numbers, according to Tech Crunch.
Slack said that the encryption on their users' passwords was done using "bcrypt," a one-way hash function. Several security experts are discussing whether the said encryption method is enough to protect Slack users.
It is recommended that users still change their passwords just in case, but Slack said that financial data such as billing and credit card information were not exposed to the hackers.
In addition to the two-factor authentication, Slack also added a password kill switch for team administrators. This allows them to kick every member out of the Slack chat-room and to force them to do a password reset.
"Since the compromised system was first discovered, we have been working 24 hours a day to methodically examine, rebuild and test each component of our system to ensure it is safe," Toth wrote on the company blog post.
Slack said that no files or messages from their users were accessed by the hackers. Should the company find any evidence that someone or a team was compromised due to the hack, Slack ensures that they will be contacted directly.
To date, Slack's fund raising now surpasses the $160 million mark.