Tens of thousands of Slack users will have to change their passwords after the company learned new details about a 2015 data breach. If you created your account before March of that year, haven't changed your password since and don't log in via a single-sign-on provider (i.e. an organization's Slack network), you'll need to update your credentials.
About one percent of Slack's userbase falls into those three categories, which equates to around 100,000 users, according to ZDNet. Login credentials for 65,000 accounts were obtained in the breach, but to be on the safe side Slack is resetting passwords for all users who meet the criteria. It said it had "no reason to believe that any of these accounts were compromised, but we believe that this precaution is worth any inconvenience the reset may cause."
The company is taking the measure because it obtained details about potentially compromised accounts through its bug bounty program. It confirmed the credentials it received were valid and it believes they were related to the 2015 incident. Slack is directly informing people who are affected by the reset, including room admins. It also urged users to turn on two-factor authentication, which it rolled out in the wake of the breach.