A recent alert email was sent to users of the Slack app for Android devices asking them to update their passwords. While a breach has not been detected, a programming error was discovered which had left passwords unencrypted for around a month. As such, it is recommended that users change their passwords.

Slack is a team messaging app based on the idea of a 'searchable log of all conversation and knowledge,' which also gives the app its name. As Slack is already a word in the English language, this is known as a backronym instead of an acronym. The app uses persistent chat rooms with public or private groups and direct messaging, making it convenient for businesses and organizations with a need to organize collaborative efforts.

The need for Android users to update their Slack password was revealed via an email from Slack Technologies. As Android Police pointed out, the email may have been misunderstood by some as an attempt to phish for account logins, but it is a genuine email. That said, it is best to always go directly to an app or website to update logins rather than clicking a link in an email, as false reports of the need to change a password are a common scam. Android users should assume that their passwords may have been compromised and reset the password. Ideally, a different login should be used for each app and website but, if the password used with Slack was also entered for other accounts, those should be changed too.

Slack's Unencrypted Password Problem Explained

The nature of the error left passwords unencrypted and stored on Android phones or tablets in what security researchers and programmers call ‘plaintext,’ which means that the password can be read by someone who knows where to look. No other effort or decryption software would be needed to read the password. The issue arose with the update that was released on December 21, 2020, and was discovered on January 20, 2021. A correction to the app was posted as an update the next day, so passwords are no longer human-readable, but there was a period of time when they were potentially vulnerable.

Slack is available for mobile devices including Android, iOS, and iPadOS phones and tablets. There are also apps for Windows, Mac, and a beta version for Linux computers. It can be used via a web browser too. The only users affected by the password error were those with Android devices. As is the case with many security issues, it isn’t known if any passwords were seen by unauthorized parties or not, but the safest approach is to assume they were. Slack quickly resolved the problem once it was discovered and alerted users to take action.

Source: Android Police, Slack