Slack has been hacked. The company posted about “unauthorized access to a Slack database storing user profile information” that happened back in February. The database stored profile data such as names, emails and one-way encrypted passwords, which is a version of a user’s password stored as a hash.
The company says that credit card data was not compromised, but it is encouraging everyone to reset their passwords and enable two-factor authentication.
Slack is also warning certain users that there was “suspicious activity affecting a very small number of Slack accounts,” though it is not disclosing specifics with the public.
In addition to two-factor authentication, which the company enabled today (and is making it super easy to set up), Slack has added a “Password Kill Switch” for team owners to unilaterally issue one-time team-wide password resets.
The breach comes days after Slack reportedly raised a sizeable sum at a $2.6 billion valuation.
Read More: PSA: Turn on two-factor authentication on these sites