Slack on Android users might have to reset their password – company says it applies to only a 'small subset' of users
- Slack found that one of its app versions on Android was storing passwords in plaintext, leaving affected users vulnerable.
- The company has fixed the bug and is now starting to intimate affected users to reset their passwords.
- Slack says there is no evidence of unauthorized or third-party access, but you will still have to reset your password as a precaution.
- Check out the latest news and updates on Business Insider.
AdvertisementPopular business communication app Slack is sending out emails asking some of its users to reset their passwords. If you have also received such an email, you might want to reset your password right now.
According to a report by Android Police, Slack on Android has been found storing passwords in plaintext. Slack has mentioned this in an email sent out to affected users. Apparently, the bug was introduced in a version of Slack for Android and remained unfixed for a month.
Slack says that only a small subset of users was affected. In an email sent to Business Insider, the Slack spokesperson highlighted that this applies to users who use the manual sign in process, via email and password, and not for those who use single sign-on (SSO).
The company notes that there is no evidence to suggest that this data was accessed by third-parties. The bug has now been fixed and the affected app version has been blocked.
If you were affected by this bug, you should receive an email from the company soon. Even otherwise, it might be wise to reset your password if you sign in to Slack manually.
How to reset my
If you are still not comfortable clicking on the password reset link automatically sent by Slack, you can manually request your password to be reset and then set a new password yourself.
To reset your password manually, go to the Slack login page, login to your account and set a new password.
To do this, go to Settings -> Apps -> Slack -> Storage and tap on Clear Data.
Alternatively, you can also uninstall and reinstall the Slack app.
Why should passwords not be stored in plaintext?
Simply put, storing passwords in plaintext is akin to leaving the key to your house on the doormat.
Malicious third-party apps would have been able to access the Slack password stored in plaintext, allowing them to misuse it any way they see fit. This applies to users with rooted (the ones with admin privileges) Android devices, the statement from Slack said.
Correction: This story was updated with clarifications from Slack that this impacts a small subset of users who use manual login.
Slack says Microsoft's CEO claiming credit for the app's success is 'as silly as it is irrelevant'
How to reset and change your Gmail password if you've forgotten it, on desktop or mobile
A bitcoin stash worth $68 million was seized by German police, but the owner won't give up his password
Popular on BI
- A 24-year-old stock trader who made over $8 million in 2 years shares the 4 indicators he uses as his guides to buy and sell
- Financial inclusion made easy for India’s small merchants with Paytm’s pioneering QR codes and Soundbox
- This frequent flyer who's been 'skiplagging' for a decade says she has 'no remorse and no angst'
- Highest strike rate in IPL 2023: Rahane beats Jaiswal; SKY only Indian in top four
- Godrej Group arm to invest ₹100 crore to acquire material handling equipment to be rented out
- These are must to do activities in Lonavala on your next visit
- Inox Wind gets 150-MW wind energy project from NTPCREL
- RBI’s gold holdings jump over 17% to a whopping ₹2,30,734 crore