Slack, a chatroom for teams and organizations is currently under fire over a few privacy issues. Apparently, the Android app is accidentally logging in users’ credentials in plain text, as per a report.
Slack For Android: Passwords and Security
Simply put, the company has now reportedly been emailing people who use this app for Android. The email contains requests for them to reset their passwords.
From December 21, 2020, till January 21, 2021, the Android version of the Slack app stored users’ credentials in plain text, according to the email. So what’s the problem with that?
Well, this means that other apps on the affected phone could have access to the credentials. However, the issue seems to have impacted only a small subset of Android users. If you were one of them, Slack will likely notify you to reset your password, via email.
The Way Foward
According to the email sent out by the company, the issue was identified on January 20, 2021, and fixed on January 21, 2021. Slack is urging users to
- Wipe your Android Data to get rid of logs
- Change their passwords
- Set a ‘complex and unique’ password.
- If you’ve received an email, it will have a link redirecting you to reset the password.
- To manually do it, go to your profile on Slack, click on More > Account Settings.
- After this, update to the latest version of Slack from Google Play.
While the company said that it had already invalidated the logged password, users should especially delete the log from the phone if they have used the same password for other sites as well.