If you use Slack on Android, we highly recommend you update your account’s password. A bug accidentally introduced on December 21, 2020, into one of the app’s versions stored the passwords in plain text, and it was only discovered on January 20, 2021.
Thankfully, the company noted that it doesn’t seem like the data, a.k.a. your password, was accessed by third parties. Slack clarified with The Verge that user passwords are stored securely in private logs. It could only pose a threat to you if you had a rooted device with protections turned off.
Slack fixed the issue the day after it was discovered and said it only affected a small subset of users. According to Business Insider, the bug only affected users who logged in using the manual sign-in process within that month. Manual sign-in means you used your email and password. Those who use single sign-on aren’t affected (like if you use other services like Google, Facebook, Apple to register or login to accounts).
Affected users received an email prompting them to change their passwords. But if you want to change it yourself, that’s something you can easily do.
How to update your Slack password
- This is slightly off-tangent but update your Slack app first to the latest version from the Play Store. If your app doesn’t work, it means this app is the affected version. Uninstall Slack and then reinstall it.
- Sign in to Slack on your desktop or laptop. You won’t be able to update your password on your mobile manually.
- Click on your profile in the top right.
- Select View Profile from the menu.
- Click … More, then select Account settings.
- Next to Password, select Expand. You should be able to reset your password here.
Additional reminder: If you use your Slack password for other accounts, please change those, too. And stop using the same passwords on multiple accounts!
Source: Slack