Slack admits to leaking hashed passwords for 5 years – Bare Safety


In style collaboration device Slack (to not be confused with the nickname of the world’s longest-running Linux distro, Slackware) has simply owned as much as a long-running cybersecurity SNAFU.

In response to a information bulletin entitled Discover about Slack password resets, the corporate admitted that it had inadvertently been oversharing private information “when customers created or revoked a shared invitation hyperlink for his or her workspace.”

From 2017-04-17 to 2022-07-17 (we assume each dates are inclusive), Slack mentioned that the information despatched to the recipients of such invites included…

…await it…

…the sender’s hashed password.