Slack 用戶請留意!大家快點登入 Slack 然後更改密碼。根據 Slack 的說法,他們發現了一個出現在 Android app 上的 Bugs,並於 21 Jan 2021 進行了修復。
這個 Bugs 的問題在於 Slack 在沒有加密的情況下儲存了密碼,這導致密碼很可能出現洩漏的可能。雖然暫時沒有任何證據顯示用戶密碼被盜用,但安全起見,大家還是更新密碼。
如果你有收到 Slack 發過來的 Email 通知,那就代表你的裝置有相關問題。若沒有收到的話,按理說是沒問題的,但最好還是修改密碼吧!以下是 Slack 的通知全文:
Hello,
Slack is requiring a password reset for the [redacted] account on [redacted]. We are taking this step as a precaution due to an error that we discovered, and there is no evidence of any unauthorized or third party access to this account. Maintaining the security of your team and the privacy of your communications is important to us. We apologize for the disruption.
On December 21st, 2020, Slack introduced a bug that caused some versions of our Android app to log clear text user credentials to their device. Slack identified the issue on January 20th, 2021 and fixed it on January 21st, 2021. A fixed version of the Android app is available and we have blocked usage of the impacted version(s).
To set your new password immediately, please use the following link: [redacted]
Selecting a complex and unique password is strongly recommended, and is vital to protecting the integrity of your account. We suggest the use of a password manager to help you keep track of your passwords for every service you use.
Finally, you can manually delete the logs from your device. Be advised this action will also log you out of all Slack workspaces of which you are a member. We have already invalidated the logged password, but if you have reused this Slack password to log in to other websites, this is highly recommended.
You can do this with these instructions on your Android device:
From your home screen, go to the Settings app
Scroll down and select Apps
Navigate to and select Slack
Select Storage
Click Clear data on the left side of the screen
Click OK to confirm that you wish to clear data
Log into Slack using your new password
We very much regret any inconvenience we have caused. If you have additional questions, you can reply directly to this notification — our support team is standing by and ready to help.
Sincerely,
The team at Slack