![]() ![]() "We have decided to release it immediately, despite the remaining bits of clunky-ness: the feature works and it does provide a significant new level of protection against unauthorized access to your Slack account," writes Toth. In its statement, Slack says it had planned to release the two-factor feature in just a week, but was still testing it. ![]() Microsoft's and Google's collaboration tools, by contrast, have offered two-factor authentication for years. Between the two startups, that may mean that Slack is now, at least in terms of user authentication, a more secure alternative for office chatter. ![]() Hipchat has yet to announce its own implementation of two-factor authentication. On the other hand, Slack's popular competitor Hipchat also revealed in February that it had been hacked and a portion of its usernames and email addresses compromised. "We deeply regret this incident and apologize to you, and to everyone who relies on Slack, for the inconvenience." Earning your trust through the operation of a secure service will always be our highest priority," the company's blog post from Slack's VP Anne Toth reads. "We are very aware that our service is essential to many teams. The company claims that its passwords were sufficiently scrambled to be unreadable to hackers, but it also admits that it detected "suspicious activity" on a "small number" of Slack user accounts, implying that users' communications were in at least some cases fully accessed by the intruders. That data included email addresses, usernames, encrypted passwords, and, in some cases, phone numbers and Skype IDs that users had associated with their accounts. On Friday Slack announced on its corporate blog that it was hacked over the course of four days in February, and that some number of users' data was compromised. Now it's just hit a different milestone for budding startups: Getting humiliated by hackers who defeated its not-quite-ready-for-primetime security protections. The cockroach of the internet has a long life ahead of it yet.The buzzy collaboration platform Slack has blown up over the last year, with half a million daily users and a $2.8 billion valuation. The global nature of email and its address system also means it trumps messaging platforms in terms of scale. Thomas Randall, an analyst at Info-Tech Research Group, notes that while messaging services such as Slack and Teams are great for real-time communication, they have yet to best email when it comes to sharing information in a more asynchronous fashion. One source of comfort for them is that email isn’t likely to be deleted permanently from companies’ communication tool sets anytime soon, in spite of hackers’ attentions. Microsoft and other companies offering email services will be watching closely to see what that response looks like. The breathtaking scale of both attacks has put the spotlight on the Biden administration, which has said it is working on “a whole of government” response to the hacking onslaught U.S. That hack, too, has caused huge problems for CIOs and their security teams at many thousands of companies. The assault on Microsoft Exchange comes not long after revelations that hackers had been able to compromise networking software from a supplier called SolarWinds. A widely held view is that any company with an on-premise Exchange server that’s configured to allow staff to access email over the internet should assume it has been targeted. Many of their targets have been small and medium-sized businesses, but larger companies, government departments and regulatory organizations such as the EBA have also been in their sights. (The Chinese government has publicly denied any involvement.) However, the sheer number of incidents over the past few weeks has led security experts to conclude that other hacking groups have been exploiting the same vulnerabilities too. Microsoft believes the attacks, which it first started seeing in January, are the work of state-sponsored Chinese hackers in a group its security researchers have dubbed Hafnium. The software giant has issued a software “patch” to fix the security weaknesses and has urged companies to implement it as quickly as possible. Microsoft has said that the ongoing attack has only targeted instances of Exchange running on companies’ own servers versions delivered via its computing cloud so far appear to have been unaffected. That dominance is what makes Exchange such a tempting target for hackers. Rival services such as Google’s Gmail haven’t made significant inroads as of yet. “Exchange, whether in the cloud or on-premise, is almost a monopoly in businesses,” says Art Schoeller of tech research firm Forrester. According to Statista, just over 300 billion emails are still being sent every day-and Microsoft has a dominant share of the market in serving them up. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |