Team communication app Slack announced on Friday that its database that holds all user information had been hacked last month.
"Slack maintains a central user database which includes user names, email addresses, and one-way encrypted ('hashed') passwords," Anne Toth, Slack's vice president of policy and compliance strategy, wrote in a blog post. "In addition, this database contains information that users may have optionally added to their profiles, such as phone number and Skype ID.
"Information contained in this user database was accessible to the hackers during this incident."
To prevent future attacks, the email start-up stepped up its online security by offering a two-factor authentication process. Users are encouraged to use it which will require them to provide two means of identification; one is typically a physical token such as a card while the other one is something that needs to be memorized such as a security code, prior to accessing their accounts.
Aside from the new authentication process, Toth talked about the Password Kill Switch feature that "allows for both instantaneous team-wide resetting of passwords and forced termination of all user sessions for all team members (which means that everyone is signed out of your Slack team in all apps on all devices)."
While Slack is not as large of a company as banks and major retailers, the incident highlights that even start-ups are now vulnerable to cyber attacks. The company database stores usernames, email addresses, phone numbers, Skype IDs and passwords, which can be used to fetch more data, according to the New York Times.
Security experts warned that the hackers have enough information to access Slack user accounts, especially those that are using simple passwords. Slack confirmed to The Verge that the team message history was not compromised during the attack, as well as any payment information.