Slack said it is resetting passwords for approximately one percent of user accounts in response to new information about a 2015 security breach.
The team collaboration software maker revealed in January that it had more than 10 million daily active users. One percent of 10 million is 100,000 users.
Slack in today’s notice said the password reset only affects users who created their account before March 2015. Furthermore, it’s only applicable if you haven’t changed your password since and your account does not require logging in via a single-sign-on (SSO) provider.
If you’re one of the 99 percent of users who joined after March 2015 or have changed your password since then, the announcement doesn’t affect you.
The company said it recently received a report through its bug bounty program regarding potentially compromised Slack credentials. Upon further investigation, Slack determined that the majority of compromised credentials were from accounts that logged into the service during the 2015 security incident.
As such, Slack is now resetting passwords for all accounts that were active in 2015, except those that use SSO or those that have updated their password since March 2015. Slack said it has no reason to believe any accounts were compromised but is taking the step as a precaution.
