Slack admits to leaking hashed passwords for 5 years – Bare Safety


Fashionable collaboration device Slack (to not be confused with the nickname of the world’s longest-running Linux distro, Slackware) has simply owned as much as a cybersecurity SNAFU.

In keeping with a information bulletin entitled Discover about Slack password resets, the corporate admitted that it had inadvertently been oversharing private knowledge “when customers created or revoked a shared invitation hyperlink for his or her workspace.”

From 2022-04-17 to 2022-07-22 (we assume each dates are inclusive), Slack stated that the info despatched to the recipients of such invites included…

…look forward to it…

…the sender’s hashed password.