Slack, a unified communications and enterprise software startup, has confirmed it sustained a significant security breach over the course of unspecified four days in February.
The San Francisco-based company provided further details in a blog post on Friday, admitting its central user database was accessible to hackers during that window.
The database hosted a slew of personal data, including user names, email addresses, and one-way encrypted passwords, and other optional info, such as phone numbers and Skype IDs.
Anne Toth, vice president of policy and compliance strategy at Slack, reassured in the blog post that there is "no indication that the hackers were able to decrypt stored passwords, as Slack uses a one-way encryption technique called hashing."
She added no financial or payment information was accessed or compromised in the attack either.
Slack has tapped outside experts and law enforcement officials to assist in the investigation, which remains ongoing. Slack said it has notified affected individual users and team owners.
For all Slack users who have not been contacted directly, Slack has published some security tips as well as pushed out two-factor authentication and a password-kill switch for IT administrators to implement.
Founded by Flickr veterans in 2013, the office communication platform debuted with the intention of killing off internal office emails once and for all. Slack was also meant to double as an archive of a company's online comms history with all conversations saved and searchable.
Other email and team-based communications tools have emerged, including the likes of Google's Inbox and Dropbox-owned Mailbox.
But Slack has continued to garner interest, raising as much as $180 million in venture capital after several fundraising rounds to date.