Blocking ads removes funding from us!
Researching and writing articles takes a lot of time. Operating our infrastructure costs money.
All of this is funded with advertising revenue.
We don't like advertising either - that's why we avoid annoying banners and pop-ups.
Please give us a chance and deactivate your adblocker!
Alternatively, you can support us here voluntarily.

Follow us:


Stored in plain text on the device: Slack wants some users to reset their password

from  David Wurm on February 06, 2021, 18:03 am | 🔥 popular | Write a comment

Slack
Image: Slack
(Post picture: © 2019 Slack)

There was a glitch with Slack - for a month some users had logged the passwords in clear text on their own device. Some Android users are affected and are now being asked to change their password. So it is not a phishing email.

Got an email from Slack too? Time and again, so-called “phishing emails” are on the way to pick up passwords. This time around, you'd think it would be with Slack. But it is not: As of today, Slack is asking some Android users to reset their passwords by email.

Reset Slack Password: Users & Workspace Admins receive email

Under the subject "[Security update]: Your Slack account’ or ‘[Security Update]: Your Slack Account’, the company is currently sending emails to users personally. Unfortunately, they did not do so well and do not address the user personally by name, which is usually the first indicator of a phishing email. Not only the users themselves, but also the workspace administrators received an email. Depending on the language set in Slack, it is either written in German, English or another language. The administrator sees which users this Proproblem.

Slack password reset email administrator

Workspace administrators receive this email about this incident. (Image: TechnikNews/Screenshot)

After receiving this e-mail, we recommend that you immediately reset your password using the link provided. The workspace administrator may be forcing you to do this anyway and you can no longer log in with the current password. Companies using SSO login are not affected. Even if the password was only made "public" on one's own device, other apps and the system could have accessed these logs. As a result, it shouldn't either Probe more difficult to read out the password. Alternatively, a user can always reset their password at the following link: [workspace].slack.com/account/settings#password

This is the email that Slack users receive

The full email to users is as follows:

Hallo,

Slack wants the password for the [your username] account on [workspace].slack.com to be reset. This is a precautionary measure due to a bug we discovered. There are no indications that unauthorized persons or third parties had access to this account. We take the security of yours Projekt team and the protection of your communication data very seriously. We would like to apologize for any inconvenience.

On December 21, 2020, Slack encountered a bug that caused some versions of our Android app to store user credentials in plain text on their devices prowere tocolted. Slack has that ProProblem identified on January 20, 2021 and fixed on January 21, 2021. A cleaned version of the Android app is available and we have stopped using the affected version(s).

If you'd like to set a new password immediately, click the link below:

We strongly recommend creating a difficult and unique password. This is the only way to protect the integrity of your account. It's best to use a password manager. So you always know which password you have chosen for each of your services.

Finally you can Prodelete logs manually from your device. Please note that this action will also log you out of any Slack workspaces you are a member of. We have that proTokenized password already invalidated. However, if you also use it to log in to other websites, we strongly recommend performing this action.

On your Android device, you can do this with the help of the following instructions:

  1. Open the app on your home page Settings
  2. Scroll down and select Apps from
  3. Find and choose Slack from
  4. Choose memory from
  5. Click on the left delete data
  6. Click on OKto confirm that you want to delete the data
  7. Sign in to Slack with your new password

We are very sorry for the inconvenience caused. If you have any further questions, just reply to this notification. Our support team is always there for you.

With kind regards,
Your Slack team

We cannot say ourselves whether users who have not received a notification are really not affected by it. It's best to use one anyway Password manager and still resets his Slack password to be on the safe side. As a further measure, you should always use two-factor authentication. Then the password alone is of no use to a possible hacker. This is how you play it safe.

Recommendations for you

>> The best Amazon deals <

Tags:

David Wurm

Do that TechnikNews-Ding together with a great team since 2015. Works in the background on the server infrastructure and is also responsible for everything editorial. Is fascinated by current technology and enjoys blogging about everything digital. In his free time he can often be found developing webs, taking photographs or making radio.

David has already written 962 articles and left 382 comments.

Website | Facebook | Twitter | Insta | YouTube | PayPal coffee donation
notification settings
notifications about
guest
Your name, which will be shown publicly.
We will not publish your email address.

0 Comments
Inline feedback
View all comments
Reach your target audience! Advertise on TechnikNews
Reach your target audience! Advertise on TechnikNews
Cookie Consent with Real Cookie Banner