新聞

Note to our Android users

作者:by the team at Slack 2021 年 3 月 25 日

On Friday, February 5, we notified a small subset of Slack’s Android users that we had reset their passwords in response to a bug that logged credentials in plain text.

Subsequently following this, we identified a new subset of users that were impacted by the same bug. We sent notifications to these users on Thursday, March 25.

This reset included only a small subset of Android users who had entered their password between January 11, 2021, and January 20, 2021. Most mobile users sign in infrequently, so the vast majority of our Android users were not impacted. Users who log in through a single-sign-on (SSO) provider were not impacted at all.

Slack took this step in an abundance of caution, even though the risk of exposure of these logged passwords was very low and there is no evidence of any unauthorized or third-party access to impacted accounts. The passwords were logged to the local device logs that are visible only to the Slack app on the device. On a properly operating Android device, there is no risk that any other apps could view these logs. Additionally, the space for these logs is limited to 512KB and they may be overwritten quickly.

At this time, there are no additional steps necessary for notified Android users to take. Slack has reset all known logged passwords, required users on the impacted version to upgrade to a fixed version of the Android app, and notified these users and the Primary Owners of their workspace of the issue. For more information on resetting Slack passwords, please refer to this article from Slack’s Help Center.

Maintaining the security of your team and the privacy of your communications is important to us. We sincerely apologize for any disruption.

    這則貼文有幫助嗎?

    0/600

    超讚!

    非常感謝你提供意見回饋!

    知道了!

    感謝你提供意見回饋。

    糟糕!我們遇到問題了。請稍後再試一次!