You nimbleness appetite to fecundation your Slack countersign if you acclimated the app on Android. According to an email beatific out by the congregation and published by Android Police, the Android adaptation of the Slack app stored users' credentials in plain text betwixt December 21st as well-built as January 21st, theoretically meaning other apps on your roast could have had lenient to them. Slack. says it hasn't self-evident any unauthorized access, as well-built as that it's once emailed all uncalled-for users as well-built as invalidated their passwords -- therefore if you had to enter in a new countersign back you opened the app, that could be why.
After we published this story, the congregation realized out to expound that it believes your passwords were still defended -- the logs would be private unless users had a sempiternal roast with protections warmongering off. The congregation also says this personalized uncalled-for users who logged on with their email biosphere as well-built as passwords during that one-month period -- admitting reservedly a few largish organizations, The Verge included, use a single-sign-on (SSO) texture instead. If you use SSO, or were once logged in, you shouldn't have been affected.
If you've got the postulated communications apparatus installed on your Android phone, the headmost thing you'll appetite to do is update to the latest adaptation from the Spectacle Store, since irresolute your countersign won't do any good if you're still running the old version. Then, if you got the email from Slack, you can collide on the link to fecundation your password. You can also do it manually from a desktop computer using Slack's instructions.
First, sign in to Slack, again go to your profile, which can be accessed by conquer your picture in the top right-hand corner of the app or web app as well-built as conquer Appearance Profile. Then, collide the Increasingly chin as well-built as Biweekly Settings. From there, you has to be blue-stocking to fecundation your password.
Of course, if you acclimated your Slack countersign on other websites, you should fecundation your passwords for those, too (preferably to vendible unique).
Update February 11th, 12:35AM ET: Added Slack's unravelment that the passwords were stored in private logs, as well-built as that the issue should have personalized uncalled-for users who logged in with an email as well-built as countersign straightforwardly during the one-month period.
.
No comments:
Post a Comment