In response to the massive hack, which may have compromised about half a million emails, Slack has released a team-wide "kill switch" and two-factor authentication to help lock down its users' account.
Slack, the company behind its namesake team chat software, was about two weeks away from releasing its two-factor authentication when it realized its central database had been hacked.
With just user interface tweaks left, Slack released the two-step authentication now to reassure its users after the massive security breach shock some confidence in the company and its software. Two factor authentication, as its name implies, entails two layers of security: a password and a verification code.
Accompanying the two-factor authentication, Slack now includes a password team-wide kill switch. Team managers can flip the kill switch whenever security concerns emerge.
The kill switch logs all users out of their sessions and resets all of their passwords. While the kill switch may give Slack users some peace of mind, it appears it would have been of no use in the Slack hack because the intrusion occurred roughly a month before it was spotted.
On March 27, Slack reported that its central database was hacked. The intrusion took place over the course of four days in February, according to Slack.
Slack began communicating with the affected users as soon as the intrusion was spotted, according to Anne Toth, Slack's vice president of Policy & Compliance Strategy.
Email addresses, phone numbers, user names and Skype IDs may have been compromised in the attack on Slack's central user database, Toth said. However, no financial data, including payment information, was compromised in the Slack hack, according to Toth.
"Since the compromised system was first discovered, we have been working 24 hours a day to methodically examine, rebuild and test each component of our system to ensure it is safe," said Toth.
Slack has been working with security experts from outside organizations to review the company's investigation and law enforcement agencies have been notified of the intrusion, Toth said.
"We are committed to continual improvement of both internal security practices and development of features that help you take control of your own and your team's security on Slack," Toth said.
Slack enjoys integration with a long list of third-party software that include programs such as Google Hangouts, Google Drive, Dropbox, Twitter, Zendesk, GoToMeeting and GitHub. And the company boasts the patronage of companies such as The New York Times, BuzzFeed and Adobe.
