Over the weekend, some Slack Android users received a seemingly random email urging them to update their passwords. The email claims a bug in the Android app incorrectly logged password data as plaintext that could be easily scooped up by hackers.
I don’t blame you if you ignored the email—it has many signs of a phishing scam—but it’s legit. Android Police confirmed with multiple Slack representatives that the emails originated from Slack, the security issues are real, and the links within the message are safe to click. While there’s no evidence passwords have been stolen or accounts hacked, Slack is proactively asking users to update their passwords.
Slack’s email includes instructions for changing your password and clearing your app cache, but it’s unclear if all affected users were alerted, so it’s wise for anyone using Slack on Android to follow the company’s suggestions, even if they didn’t get the email. Here’s what you need to do:
First, update your password with the link in Slack’s email, or under your account settings on Slack’s website.
Next, make sure you have the right version of Slack installed. This part is simple: If Slack works on your phone, you have the right version; if not, you can safely download the latest build from Google Play. Google removed the bugged version of the app from Google Play, which also disabled it on devices that had previously downloaded it, so there’s no risk in using the app anymore.
With the correct version of Slack installed on your device, the last step is to clear the app’s data cache to ensure the improperly-stored password data is removed. There are two ways to do this:
(Note: Clearing the app cache logs you out of Slack, so make sure you sign back in afterward.)
- In your Android settings, go to Settings > Apps > Slack > Storage and select “Clear Data or Storage.”
- Long-press the Slack icon from your app launcher. Tap App Info, then Storage, then select “Clear Data or Storage.”