Use Slack on your mobile phone? Reset your password.
Popular business communication app Slack is sending out emails asking some of its users to reset their passwords. If you have also received such an email, you might want to reset your password right now.
According to a report by Android Police, Slack on Android has been found storing passwords in plaintext. Slack has mentioned this in an email sent out to affected users. Apparently, the bug was introduced in a version of Slack for Android and remained unfixed for a month.
Slack says that only a small subset of users was affected. The company notes that there is no evidence to suggest that this data was accessed by third-parties. The bug has now been fixed and the affected app version has been blocked.
If you were affected by this bug, you should receive an email from the company soon. Even otherwise, it might be wise to reset your password if you sign in to Slack manually.
How to reset your Slack password:
If you are still not comfortable clicking on the password reset link automatically sent by Slack, you can manually request your password to be reset and then set a new password yourself.
To reset your password manually, go to the Slack login page, login to your account and set a new password.
Affected Slack users are also being asked to clear their app data to delete old logs. To do this, go to Settings > Apps > Slack > Storage and tap on Clear Data. Alternatively, you can also uninstall and reinstall the Slack app.
Why should passwords not be stored in plaintext?
Simply put, storing passwords in plaintext is akin to leaving the key to your house on the doormat. Malicious third-party apps would have been able to access the Slack password stored in plaintext, allowing them to misuse it any way they see fit.
Via Business Insider