Slack would have been wiser – in an abundance of caution – to reset all of its users’ passwords back in March 2015.
After all, leaving it until four years later looks a little bit… slack.
A researcher uncovered a serious vulnerability that could have helped hackers to seize control of users’ Slack accounts.
The good news is that Slack fixed the issue impressively quickly and clearly.
Business secrets could be at risk, after researchers discovered a worrying number of developers were posting access credentials for the Slack chat system on GitHub, embedded inside code repositories and public gists.
Read more in my article on the Tripwire State of Security blog.