Slack for Android Could Have Exposed Your Password: Here’s How to Reset
Slack’s Android app was accidentally logging in users’ credentials in plain text, as per a report. The company has now reportedly been emailing people who use Slack for Android, requesting them to rest their passwords. From December 21, 2020, till January 21, 2021, the Android version of the Slack app stored users’ credentials in plain text, according to the email. This means that other apps on the affected phone could have access to the credentials. You should wipe your Slack app’s data as well, especially if you use the same password for other sites and apps.
As per a report by Android Police, Slack representatives confirmed that the email some Android users were receiving to reset passwords was not a phishing email and was sent by the company. However, the issue seems to have impacted only a small subset of Android users. If you were one of them, Slack will likely notify you to reset your password, via email.
According to the email sent out by Slack, the issue was identified on January 20, 2021, and fixed on January 21, 2021. Slack is urging users to change their passwords and set a ‘complex and unique’ password. If you’ve received an email, it will have a link redirecting you to reset the password. To manually do it, go to your profile on Slack, click on More > Account Settings.
Android users are encouraged to update to the latest version of Slack from Google Play. Affected users were asked to wipe their Android app’s data, in order to get rid of the logs, where your login credentials are available in plain text. While Slack said that it had already invalidated the logged password, users should especially delete the log from the phone if they have used the same password for other sites as well.
To do this, go to your phone’s Settings and select Apps. Navigate to Slack (this will likely be in Other apps) and select Clear storage or Clear data in Storage. Click on OK to confirm that you want to permanently clear your data.