Security researchers have found thousands of Slack passwords belonging to over 12,000 workspaces for sale on the dark web. The prices ranged from $.50 per $300 depending on the accounts’ value. Researchers have also found that over 4,000 of the workspaces were likely to be corporate or government channels.
However, while this may seem risky for Slack users, researchers note that many hackers aren’t buying or showing interest in these passwords. There are a couple of reasons why these slack passwords aren’t very attractive to hackers.
- Slack workspaces don’t have a lot of valuable information. Because many Slack workspaces are tied to organizations, hackers are looking for information they can use to either get into a business’ network, or information they can further steal and sell on the dark web. Slack conversations don’t often contain any concrete or sensitive data.
- Slack isn’t deeply integrated into a company’s network. Unlike Google Apps, or Microsoft Teams, Slack is used as a standalone web-app, meaning that log-in details for Slack won’t give you access to an organization’s other accounts. With Microsoft Teams, for example, the same login could be used for their cloud service (OneDrive), which would provide hackers with a trove of sensitive and valuable data.
So if you’re worried about your Slack account getting hacked, you’re better off changing your password (or enabling in some form of 2FA), and resetting any account where you’ve reused the password. Otherwise, your organization likely has some security measures in place to prevent hackers getting in with a password.
For more details about the hack, visit ZDNet.