No, it’s not a scam. Slack is telling some Android users to update their passwords after a bug caused the app to store login credentials in plain text.
Slack has reached out to a number of its Android app users via email to warn that their passwords may have been compromised by a December update.
“We are taking this step as precaution due to an error that we discovered and there is no evidence of any unauthorized or third party access to this account. Maintaining the security of your team and the privacy of your communications is important to us. We apologize for the disruption”, wrote Slack in the email (via Android Police).
“On December 21st, 2020, Slack introduced a bug that caused some versions of our Android app to log clear text user credentials to their device. Slack identified the issue on January 20th, 2021 and fixed it on January 21st, 2021”.
Slack has reassured Android Police, who first spotted the email, that only a small subset of accounts has been impacted by the bug.
However, it’s still a good idea to update your password if you’ve been using the Android version of the popular messaging service to communicate with friends or work colleagues.
If you’ve received an email from Slack, you can reset your password in the link sent to you. Otherwise, you can head directly to Slack to update your password manually.
Users are also being asked to wipe the app’s data to remove the logs from their phone’s storage. To do so, you can visit your phone’s settings, tap ‘Apps’, tap ‘Slack’, tap ‘Storage’, tap ‘Clear Data’ and tap ‘OK’. You’ll also want to update your password on any other apps or sites where you’ve used the same login credentials.
A fixed version of the Android app is available to download now and the company has blocked usage of the impacted update.
For more on Slack, make sure to check out our guide on how to schedule alerts to avoid getting notifications where you’re off the clock. You can also see our guide to the best password managers and the best VPNs if you’re interested in improving your security online.