In case you simply acquired an e-mail from Slack explaining that it is advisable to reset your password with a giant, phishy-looking hyperlink, it is legit. The corporate’s Android app was by chance logging credentials in plain textual content, and affected prospects are being notified by way of e-mail to reset their passwords. We have reached out to Slack to be triply certain, and firm representatives inform us that it is not a rip-off, they’re sending these emails themselves.
These emails above and beneath are legit; you are not being phished.
Once more, this is not a phishing try or something like that, although it would seem like one at a look. Emails are being despatched to Slack prospects as we converse, and we aren’t certain if everybody will get one. Slack tells us this solely impacted a small subset of Android customers, who’re being notified as of this afternoon.
Included within the e-mail is a hyperlink to reset your password. It is secure to click on, or you possibly can navigate to Slack’s website straight your self, register there, and reset your password manually, if you wish to be particularly cautious — although, once more, it is not actually vital. Simply ensure your new password is an efficient one.
Affected prospects are additionally requested to wipe their Android app’s knowledge to do away with these logs, that are nonetheless hanging round your telephone’s storage, storing your login credentials in plain textual content. There are a handful of the way to try this. Slack instructs prospects to go to Settings -> Apps -> Slack -> Storage -> Clear Information or Storage. If that does not work, you possibly can attempt long-pressing the Slack app or its icon within the multitasking menu and faucet App Data -> Storage -> Clear Information or Storage, or seek for the app in Settings. Word that you’re going to must signal again in after doing this.
In case you used your Slack password at another web sites, make sure to reset it there, too. In case you save your passwords with Google, a great way to test is with Chrome’s built-in password checkup software, accessible in Settings -> Autofill -> Passwords to see if those it lists for Slack had been used wherever else.
The model of the Android app answerable for this challenge has been blocked from use, so there is not any motive to fret about updating it: In case your model nonetheless works, it is a good one. However you possibly can obtain the most recent model over on the Play Retailer if you wish to ensure.
The complete textual content of the e-mail is slightly below:
Slack is requiring a password reset for the [redacted] account on [redacted]. We’re taking this step as precaution as a result of an error that we found and there’s no proof of any unauthorized or third occasion entry to this account. Sustaining the safety of your group and the privateness of your communications is vital to us. We apologize for the disruption.
On December 21st, 2020, Slack launched a bug that triggered some variations of our Android app to log clear textual content person credentials to their system. Slack recognized the problem on January 20th, 2021 and stuck it on January 21st, 2021. A set model of the Android app is on the market and now we have blocked utilization of the impacted model(s).
To set your new password instantly, please use the next hyperlink: [redacted]
Choosing a posh and distinctive password is strongly really helpful, and is important to defending the integrity of your account. We recommend the usage of a password supervisor that will help you maintain observe of your passwords for each service you employ.
Lastly, you possibly can manually delete the logs out of your system. Be suggested this motion may also log you out of all Slack workspaces of which you’re a member. We have now already invalidated the logged password, however you probably have reused this Slack password to log into different web sites, that is extremely really helpful.
You are able to do this with these directions in your Android system:
From your house display screen, go to the Settings app
Scroll down and choose Apps
Navigate to and choose Slack
Click on Clear knowledge on the left facet of the display screen
Click on OK to verify that you simply want to clear knowledge
Log into Slack utilizing your new password
We very a lot remorse any inconvenience now we have triggered. If in case you have extra questions, you possibly can reply on to this notification — our assist group is standing by and able to assist.
The group at Slack