Slack is one of the most popular apps today for teams, enabling workplace collaboration and chats. Its user database also just got hacked.
According to the company's blog post, there was unauthorized access to Slack's database of user profile information: emails, usernames, and passwords--as well as any other optional information added to profiles, such as phone number and Skype ID. Although the company says passwords were encrypted, it's a good time to:
- Change your password. And make sure you're not using the same password anywhere else.
- Turn on two-factor authentication. You'll need to download Google Authenticator, Duo Mobile, or Microsoft Authenticator for your phone to do this.
It's funny that Slack announced two-factor authentication is now available to protect your account at the same time the company revealed the security breach. Not laugh-out-loud funny, but isn't-that-interesting funny. (Not picking on Slack. This happens all to often, with security breaches seeming to be the final push for companies to roll out 2FA.)
Slack also is rolling out a "password kill" feature so administrators can reset the passwords for every team member and force them to create new passwords.
For all other sites you can and should enable two-factor authentication for, check out Two Factor Auth.