Slack emails some users to reset password, wipe app data
Slack, the business communication platform, recently notified some of its users of a serious bug via email. Slack's Android app was accidentally logging users' credentials in plain texts and storing it in the fairly accessible app data directory. Slack indicates only Android users have been affected by this bug. It recommends changing passwords and clearing app data stored on their phones.
Slack says no accounts were compromised by third parties
The bug caused users' Slack passwords to be saved and stored as plain texts in the application data. iOS users appear to remain unaffected. Meanwhile, Slack's email says there is no evidence of unauthorized or third-party access to accounts. The platform admitted that a bug got introduced in the app on December 21. It was detected on January 20, and fixed the following day.
Affected users advised to reset password and clear app data
Users can reset their password using the Slack website, or using the link in the email from Slack. Those affected can clear app data by long-pressing the Slack app in the multitasking menu, and then navigating to App Info > Storage > Clear Data. After following these steps, the app will prompt users to sign in again.
Slack's email suggests resetting passwords reused on other websites
Clearing the app data stored on your device will delete any credentials Slack claims to have accidentally logged as plain text. People tend to use the same passwords across multiple platforms. The email advises those affected to go through their saved credentials ('check passwords' feature on Chrome browser) to find and fix instances of password reuse.
Compromised version blocked, Slack claims limited users affected
The specific version of the Android app responsible for this issue has been blocked from use. Slack told Android Police the error has impacted only a small subset of Android users. It adds that everyone affected will receive an email soon. Slack users also faced errors earlier in January this year when the app briefly suffered an outage.
