Slack emails some users to reset password, wipe app data

Chandraveer Mathur
·2-min read

Slack emails some users to reset password, wipe app data
Slack emails some users to reset password, wipe app data

06 Feb 2021: Slack emails some users to reset password, wipe app data

Slack, the business communication platform, recently notified some of its users of a serious bug via email. Slack's Android app was accidentally logging users' credentials in plain texts and storing it in the fairly accessible app data directory.

Slack indicates only Android users have been affected by this bug. It recommends changing passwords and clearing app data stored on their phones.

Wishful thinking: Slack says no accounts were compromised by third parties

The bug caused users' Slack passwords to be saved and stored as plain texts in the application data. iOS users appear to remain unaffected.

Meanwhile, Slack's email says there is no evidence of unauthorized or third-party access to accounts. The platform admitted that a bug got introduced in the app on December 21. It was detected on January 20, and fixed the following day.

Quick fix: Affected users advised to reset password and clear app data

Users can reset their password using the Slack website, or using the link in the email from Slack.

Those affected can clear app data by long-pressing the Slack app in the multitasking menu, and then navigating to App Info > Storage > Clear Data.

After following these steps, the app will prompt users to sign in again.

Security concerns: Slack's email suggests resetting passwords reused on other websites

Clearing the app data stored on your device will delete any credentials Slack claims to have accidentally logged as plain text.

People tend to use the same passwords across multiple platforms. The email advises those affected to go through their saved credentials ('check passwords' feature on Chrome browser) to find and fix instances of password reuse.

Plugging leaks: Compromised version blocked, Slack claims limited users affected

The specific version of the Android app responsible for this issue has been blocked from use.

Slack told Android Police the error has impacted only a small subset of Android users. It adds that everyone affected will receive an email soon.

Slack users also faced errors earlier in January this year when the app briefly suffered an outage.