With so many scam emails going around, you would be forgiven for dismissing real communication about a security breach. Cybercriminals will often piggyback off known breaches, looking to trick victims into handing over sensitive information like account passwords and banking information.
With sophisticated tools at their disposal, thieves can spoof emails to trick people into thinking they’re correspondence from official companies. Tap or click here for a recent example where scammers spoofed emails from Netflix.
Most mass emails requesting you to reset your password should be treated with skepticism. But for a popular messaging service, that’s not the case. If you recently received an email from Slack, you should heed its call to change login credentials. It can easily be confused for a phishing attempt, but the urgency is genuine.
Here’s the back story on the password
Slack released details about its Android app, and it turns out that the mobile application was storing usernames and passwords for some users in plain text. You would only have received a notification if you used the Android app.
Any reputable service will keep their users’ login details safe with encryption. Encryption means if hackers breach a site, your credentials are scrambled and unreadable. Records in plain text are easier for cybercriminals to steal.
The plain text credentials weren’t stored on Slack’s servers but logged by the Android device. It might not seem like a huge deal, but if your phone is the target of a hack, your login details will be readable.
Here’s what you need to do
The email sent out by Slack is legitimate, as first reported by Android Police. And you should most definitely change your login details.
Slack introduced the bug late last year, on Dec. 21 that caused some versions of its Android app to log clear text user credentials to their device. The company noticed the problem a month later, on Jan. 20. and fixed it a day later.
Slack has now blocked usage of the Android app until you change your password. “We are taking this step as a precaution due to an error that we discovered and there is no evidence of any unauthorized or third-party access to this account,” the email read.
As well as resetting login details, the company is also urging you to wipe local data from your device as an added measure. Here is how you do it:
- Make sure that you have the most current version of Slack installed on your Android device.
- Open Settings.
- Tap Apps.
- Navigate to and tap Slack.
- Tap Storage.
- Then tap Clear Data or Storage.
This will erase all local data for Slack on your phone and will sign you out. Login with your new details and you will be good to go.
There is also another way to wipe the local data:
- Long press the Slack icon on the home screen.
- Tap App Info.
- Then tap Storage and select Clear Data or Storage.
Creating a strong password
Your best defense against hacking attempts is to have strong passwords for apps and services. You should also never use the same password for more than one account.
Weak passwords include anything that has fewer than eight characters and doesn’t have a variety of lower, upper, and special characters. To create a strong password, you must think creatively. Tap or click here for help creating stronger passwords.
Or you could use a password manager. We recommend our sponsor RoboForm to do the heavy lifting related to password generation and security. Save 50% on RoboForm Everywhere and manage your passwords with ease and safety.