Saturday, March 6

Slack asks users to change their passwords after a breach

Slack is encouraging some Android users to change their passwords after its app saved passwords in clear text for a month.

Some Slack users have received an email asking them to reset their password that looks questionable at first glance. Although the message resembles phishing, it was indeed sent by the messaging company following a security breach.

An example of an email sent by Slack // Source: Android Police

A flaw neutralized

In this email, the company explains that the Android version of its application released on December 21, 2020, mistakenly saved certain passwords in the clear, that is, as plain text without encryption, compromising user security. The flaw was fixed on January 21, 2021, and the affected version is now unusable.

It then took Slack almost three weeks to identify the affected users and notify them individually. Few accounts seem to have been impacted, especially since many users log in through an SSO connection, such as Google's or their company's.

Those affected are also invited to clear the application's data on their phone, which ensures that the password is no longer stored on the device.

If you’ve been contacted by Slack, it’s recommended that you change your password on other sites as well, in case you use the same one.
