In March 2015, Slack said hackers gained access to some Slack infrastructure, including databases storing user credentials. Hackers stole hashed passwords, but they also planted code on the company's site to capture plaintext passwords that users entered when logging in.
At the time, Slack reset passwords for users who it believed were impacted, and also added support for two-factor authentication for all accounts.
But as ZDNet reported earlier today, the company recently received a batch of Slack users credentials, which prompted the company to start an investigation into its source and prepare a password reset procedure.
"We immediately confirmed that a portion of the email addresses and password combinations were valid, reset those passwords, and explained our actions to the affected users," Slack said.
In a message on its website, Slack said this batch of credentials came via its bug bounty program. The company said it initially believed the data came from users who had their PCs infected with malware, or users who reused passwords across different services.
"However, as more information became available and our investigation continued, we determined that the majority of compromised credentials were from accounts that logged in to Slack during the 2015 security incident," Slack said.
While the batch of compromised credentials included 65,000 passwords, today, Slack decided to reset passwords for all users who were active at the time of the 2015 breach -- except users who already changed their password since then, or those who use single-sign-on (SSO) solutions.
In total, the company said it would end up resetting passwords for 1% of its 10 million userbase, or roughly 100,000.
Slack said it had "no reason to believe that any of these accounts were compromised" and that it was taking this step as a precaution.