Slack, the work-chatting service is sending an email to select users, requesting to them reset their account password via a link (that may look like phishing link). The email is being sent to Slack's Android app users after the company discovered a vulnerability that may have impacted their online security. As per the email (via Android Police), Slack Android app was accidentally logging credentials in plain text and exposed sensitive login ID and password. Slack has clarified to the publication that the email is not a scam, but rather a legit alert from the company.
The San Francisco-based company adds that the vulnerability affected only select Android customers, therefore not all Slack users are likely to receive the password reset email. Impacted users will need to open the link attached to the mail, and reset the password manually after providing the registered email ID. Affected customers are also asked to wipe their Android app's data to get rid of those logs, which are still hanging around your phone's storage, storing your login credentials in plain text.
Slack explains customers to go to Settings > Apps > Slack > Storage > Clear Data or Storage. If that doesn't work, users can try long-pressing the Slack app or its icon in the multitasking menu and tap App Info > Storage > Clear Data or Storage, or search for the app in Settings. Users would need to sign back in after this process. The company adds in the email that Android users must update the app to the latest version from Google Play Store to enjoy all the new security updates.
In March last year, Slack received a new design to make remote collaboration easier. As part of the redesign for both apps and web client, the work-messenger introduced a new navigation bar at the top and a drag-and-drop feature. Notably, business software pioneer Salesforce announced its decision to purchase Slack for $27.7 billion.