back to article Flak for Slack chaps in yak app hack flap: User database whacked

Workplace chat app Slack, popular among West Coast startup hipsters and others, has been hacked, its makers said on Friday. Slack policy and compliance strategy veep Anne Toth – who previously worked at Google and Yahoo! – has explained how over a four-day period in February, attackers were able to access a database containing …

  1. gerdesj Silver badge

    Check

    Quotes in place - check.

    Lots of commas and all full stops accounted for - check.

    Sub-headline - can't be bothered to check.

    LET'S HIT PUBLISH, IT'S PUB O'CLOCK.

  2. fearnothing

    I approve of this headline.

  3. Doctor_Wibble

    Slack app? Never heard of it!

    When I saw the (sub)headline I thought it was linux distro related, how quaint of me!

    Instead it turns out to be IRC with icons and attachments. Is that it? If so, how does that make it worth a bazillion dollars ffs?

    1. Kanhef

      Re: Slack app? Never heard of it!

      Relevant: http://www.xkcd.com/1497/

    2. boltar Silver badge

      Re: Slack app? Never heard of it!

      "If so, how does that make it worth a bazillion dollars ffs?"

      You'd be amazed how many rich fools running venture capital firms there are in the world.

    3. SolidSquid

      Re: Slack app? Never heard of it!

      It's got a few bells and whistles added to it, like being able to generate a message on an accepted pull request in GIT, but otherwise it's IRC polished up so that it's easier to sell management on. You can even connect to it using IRC clients (we have it in the office technically, but it's rarely used)

  4. Destroy All Monsters Silver badge

    has a $1.2bn-plus valuation

    what

    1. BongoJoe

      By the owners' mums

  5. IrishFella

    Few missing questions

    It has been over a month since this breach, and the notification is coming exceptionally late. They know exactly when the service was breached, what information was accessible, but it would seem that the start of the investigation was only extremely recent. Their auditing and alerting practices at the time were seemingly not sufficient to discover the breach ‘as it happened’ but much later. They have also not confirmed whether this was from an external escalation (customer reporting) rather than their internal controls.

    Further to this they have no details on how the breach occurred and the measures that have been taken to ensure that the technique, technology or policy has been changed and/or remediated to ensure less risk of reoccurrence. It does not instill much confidence.

    1. Anonymous Coward
      Anonymous Coward

      Re: Few missing questions

      At least they fessed up unlike some banks and government departments who are quite happy to sweep these kind of breaches under the carpet and not tell anybody.

      Anon because I still have to pay the bills.

    2. Anonymous Coward
      Anonymous Coward

      Re: Few missing questions

      They didn't even tell users to change passwords, just said they use bcrypt which is one-way. Uh huh, sure.

      This doesn't surprise me given their primary userbase: wordpress users.

  6. Anonymous Coward
    Anonymous Coward

    Headline Hall of Fame

    Thank you, headline writer.

  7. jobardu

    Worth a nobel prize

    If there was a Nobel Prize for headline writers the author of this one would certainly deserve it. How could you not read this article after seeing the headline?

  8. BongoJoe

    "Slack policy and compliance strategy..."

    Quite.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019