Reportedly, Slack’s Android app was accidentally entering users’ credentials in plain text. The company is now reportedly emailing people who use Slack for Android, requesting them to relax their passwords.
According to the email, from December 21, 2020, until January 21, 2021, the Android version of the Slack app stored users’ credentials in plain text. This means that other apps on the affected phone can access credentials. You should also erase the data in your Slack app, especially if you use the same password for other sites and apps.
According to an Android Police report, Slack representatives confirmed that the few Android users they were receiving to reset the password was not a phishing email and was sent by the company. However, this problem only affects a small subgroup of Android users. If you were one of them, Slack will notify you via email to reset your password.
According to an email sent by Slack, the issue was identified on January 20, 2021, and fixed on January 21, 2021. Slack is urging users to change their passwords and set a ‘complex and unique’ password. If you have received an email, you will have a link redirect to reset the password. To do this manually, go to your profile on Slack, click More> Account Settings.
Slack for Android Could Have Exposed Your Password
Android users are encouraged to update to the latest version of Slack from Google Play. Affected users were asked to wipe the data of their Android app to get rid of the logs, where your login credentials are available in plain text. While Slack stated that it has already invalidated the login password, users should specifically delete the log from the phone if they have used the same password for other sites as well.
To do this, go to your phone’s settings and choose Apps. Navigate to Slack (it will likely be in other apps) and select Clear Storage or Clear Data in Storage. To confirm that you want to permanently clear your data, click OK.