In a recent announcement Slack, the company online courses has made it known to everyone that it is going to reset all passwords from accounts that were not insured after the data breach suffered by 2015.
Obviously this announcement was followed by a variety of user reactions and queries, and in turn Slack informed that this reset would be about 1% of accounts. In addition, its representative company said that this process only affects the users who created them accounts before March of 2015, who have not changed their password since then and their account does not require a one-sign-on / SSO connection.
For the history of 2015 in March, the company detected unauthorized access to a database containing information about user accounts, namely names, emails, passwords, personal phone numbers, etc. Of course, this access was made by hackers, which they granted to the company's system code. Luckily they were unable to intercept financial information.
Slack then reinstated some passwords users, but recommended that others change their passwords immediately and activate it 2FA. Recently, the company has realized that other users' data may have been compromised. Usually this is accomplished with either one malware either by reusing the same passwords in other services. The second seems to be the most likely scenario according to the company.
Immediately Slack verified the accounts of such users, reset it to passwords and informed each user affected in any way by an appropriate notice.
For now, Slack is still investigating the incident with the support of the appropriate group of people and is about to re-update and update the process.