If you’re using the Android version of Slack, go change your password ASAP
iOS and desktop users, you’re good.
Slack has been an invaluable resource in this new age of work from home, connecting workplaces that had never done any remote work before the pandemic. The sale to Salesforce for $27.7 billion wasn’t the only thing that happened to the app in December though, as the Android version of the app had a worrying security issue during that time.
You’ll probably want to go and change your Slack password right now if you were using the Android app between December 21 and January 20. That’s because thanks to a bug in the app, your account credentials were saved on-device in plaintext, instead of being encrypted. Big yikes.
Slack says there’s no indication anyone has abused this bug, but you should still change your password. If you still use the same password combination for other services, this is a good time to enroll in a password manager and create unique logins for every website/app you use.
Slack sent out emails asking for its users to change their passwords, with what looked like a spammy, phishing email. It’s been confirmed as a legit email, so maybe Slack should do some redesigning so its official emails look less suspect.
Oh, and if you only use Slack on iOS or desktop, you weren’t affected by the bug. You can change your passwords if you really want to, out of an abundance of caution, but unless you were using the Android version as well, you don’t need to.
- Slack is testing video stories and push-to-talk calls on its platform
- An iOS developer is showing just how messed up Apple’s App Store can be
- Facebook’s latest version of Messenger literally sits on your face thanks to Oculus VR headsets
- How to customize Slack’s new redesign