The price of getting hacked could offset the profit a company has generated and the deep trust its brand has engendered in its customers. This was recently evident with Slack, a collaboration platform for office workers, which admitted that it had succumbed to a security breach in February 2015.
Just last year, the company was valued at $2.8 billion, thanks to the rapid growth in its user base. Now, the company’s admission of a cyber attack on its infrastructure only confirms that Slack is not yet primed to fight cyber threats.
There are many reasons for this. Chief among them is that Slack did not implement two-factor authentication as its default system for securing individual user accounts. Following the breach, the company announced that it had just begun to implement the two-step verification process, albeit quite late. This method of access authentication has been in popular use among websites for a long time already.
And as if that were not enough, some have even activated encryption for their Web services. The fact that Slack is only beginning to appreciate the value of two-factor authentication means it is not taking its users’ security very seriously.
Slack said it was in the final stages of work on two-step verification prior to the attack, with a set schedule to roll it out in a few weeks. Now, following the attack, the two-factor authentication may lack its full security features, since it was released haphazardly under dire circumstances. The company promised to improve the newly minted feature in the coming weeks or months, emphasizing that it is the higher level of security it provides that matters at the moment.
Slack has also added a password kill switch for administrators that lets them log out all users and reset their passwords. But no matter how robust these new features are, the fact is that the damage has been done, and it’s impossible to repair the devastation it has brought upon Slack’s reputation.
The hacking took place over four days last month, resulting in the loss of user data, which includes email addresses, usernames, passwords, phone numbers and Skype IDs. The compromised passwords were encrypted, according to Slack, and were stored as a complicated jumble of characters to make them hard to read. But it seems that move did not work, because Slack also reported irregular activity on some accounts, indicating they might have been invaded by the attackers.
Slack has already reached out to the users affected. Nonetheless, Slack vowed to do everything in its capacity to prevent such an incident from happening again, especially now that it has enabled two-factor authentication.