Office communication platform Slack has admitted to accidentally exposing the hashed passwords of some users.  According to Wired, the vulnerability which exposed cryptographically scrambled versions of some users’ passwords goes back five years, between April 17, 2017 and July 17, 2022 and impacted anyone who created or revoked a shared invite link.  The workspace application began sending password reset links to affected users on August 4, a few days after an independent security researchers disclosed the vulnerability to Slack on July 17. Slack said the flaw impacted about 0.5 percent of its users, which could mean approximately 50,000 users, as the company said it had over 10 million daily active users in 2019.  “We immediately took steps to implement a fix and released an update the same day the bug was discovered, on July 17th, 2022,” the company said in a statement.

Read full article on Security Magazine