Over the weekend, some Slack Android users received a seemingly random email urging them to update their passwords. The email claims a bug in the Android app incorrectly logged password data as plaintext that could be easily scooped up by hackers.
I don’t blame you if you ignored the email — it has many signs of a phishing scam — but it’s legit.
Android Police confirmed
with multiple Slack representatives that the emails originated from Slack, the security issues are real, and the links within the message are safe to click. While there’s no evidence passwords have been stolen or accounts hacked, Slack is proactively asking users to update their passwords.
Slack’s email includes instructions for changing your password and clearing your app cache, but it’s unclear if
affected users were alerted, so it’s wise for anyone using Slack on Android to follow the company’s suggestions, even if they didn’t get the email. Here’s what you need to do:
First, update your password with the link in Slack’s email, or under your account settings on
Next, make sure you have the right version of Slack installed. This part is simple: If Slack works on your phone, you have the right version; if not, you can safely
download the latest build from Google Play.
Google removed the bugged version of the app from Google Play, which also disabled it on devices that had previously downloaded it, so there’s no risk in using the app anymore.
With the correct version of Slack installed on your device, the last step is to clear the app’s data cache to ensure the improperly-stored password data is removed. There are two ways to do this:
Clearing the app cache logs you out of Slack, so make sure you sign back in afterward.)
In your Android settings, g
Settings > Apps > Slack > Storage
and select “
Clear Data or Storage
Long-press the Slack icon from your app launcher. Tap
, then select
“Clear Data or Storage.”
Update Your Slack Passwords Now, Android Users
appeared first on