Anti-email startup Slack got hacked

slack hq security

Slack, the startup that wants to replace email with an online chatting system, just got hacked and lost its users data.

On Friday, the San Francisco company said it discovered that someone broke into its computer system. Hackers tapped a Slack database that held customer usernames, email addresses, phone numbers and Skype IDs.

Now the danger is that hackers might break into Slack user accounts.

The database contained passwords. They were encrypted into indecipherable gibberish that will be difficult convert back into plain, readable text. But security experts say these hackers could fairly quickly figure out the weakest ones, like "password" and "123456."

This is a blow to the company's image. Slack's main selling point is: Ditch email and trust us with your company's sensitive conversations.

What keeps Treasury Sec. Jack Lew up at night?
What keeps Treasury Sec. Jack Lew up at night?

It's unclear if Friday's news will impact the company's stellar performance with investors. Slack has raised millions of dollars in recent months. And investors currently value the young company at $2.76 billion -- more than double what they thought it was worth in October.

To prevent hackers from hijacking users' accounts with the stolen information, Slack is now offering two-step authentication.

That feature -- already available on Gmail, Twitter and other respected services -- provides an added layer of protection against hackers. If you log in from a new device, the company sends a temporary code to your phone in a text message. You'll need that code to get in.

Why didn't Slack release this sooner? The company said it was already working on it, but it was still getting the kinks worked out.

"It is a complicated change," Slack said in a blog post. "We were about a week from release, with just a few small [user interface] tweaks to simplify and clarify the usage experience."

This is the latest example of a company that's late to the game, adding a safety feature that should have been there from the start. Dropbox started offering two-step authentication after it was hacked in 2012. Apple (AAPL) just expanded it after last year's celebrity iCloud hack.

Plus, this is Slack's second security and privacy flub. Last year, ValleyWag discovered that Slack had an information leak that let you peek at the names of internal teams at Apple (AAPL), Google (GOOGL), Microsoft (MSFT), Twitter (TWTR) and elsewhere.

CNNMoney Sponsors