Slack will reset the passwords of users it believes are affected by a historical data breach that affected the company more than four years ago.
In 2015, the company said it was hit by hackers who gained access to its user profile database, including their scrambled passwords. But the hackers inserted code that scraped the user’s plaintext password as it was entered by users at the time.
Slack said it was recently contacted through its bug bounty about a list of allegedly compromised Slack account passwords. The company believes the case may relate to the 2015 data breach incident.
Slack said the security incident does not apply to “the approximately 99% who joined Slack after March 2015” or those who changed their password since.
Accounts that require single sign-on through a company’s network are not affected.
The company also said it has no reason to believe accounts were compromised but provided no evidence for its claim.
Slack said 1% of accounts in 2015 were affected by the breach. An earlier report suggested that the figure may amount to 65,000 accounts. When reached, a Slack spokesperson would not comment further nor confirm the figure.
Disrupt 2026: The tech ecosystem, all in one room
Your next round. Your next hire. Your next breakout opportunity. Find it at TechCrunch Disrupt 2026, where 10,000+ founders, investors, and tech leaders gather for three days of 250+ tactical sessions, powerful introductions, and market-defining innovation. Register now to save up to $400.
Save up to $300 or 30% to TechCrunch Founder Summit
1,000+ founders and investors come together at TechCrunch Founder Summit 2026 for a full day focused on growth, execution, and real-world scaling. Learn from founders and investors who have shaped the industry. Connect with peers navigating similar growth stages. Walk away with tactics you can apply immediately
Offer ends March 13.
Slack recently debuted on the New York Stock Exchange, valuing the company at about $15.7 billion.
