"The only users at risk are people who began using Slack before February of 2015 who have not reset their passwords since the break-in took place, and have not implemented two-factor authentication on their accounts."
I'd argue that users that had used the same password on other systems would also be 'at risk'. Users that use common variants of a password would, I should think, also be at risk.