Slack is one of the hottest startups out there right now, after having won over a wide range of tech companies with its enterprise collaboration tool. Usually that would be a good thing, except that different projects those companies are working on might have been exposed thanks to a "feature" that makes team names visible to unauthenticated users.
Earlier, the feature in question allowed anyone to sign up using any random email address at a specific domain, and then prompted them to select teams that are available at their company. That’s great for creating a fast onboarding workflow for users, but not so great when any random person can spoof an email address at a company’s domain and have unauthenticated access to a list of teams.
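The flaw described above, next to a hardened flow, as an added example that is not Slack's code: the first function lets a typed address select the team list, the second returns it only after a token mailed to that address comes back. The directory, secret, and function names are hypothetical, and the sample data is constructed.

```python
import hashlib
import hmac
import time

# Constructed sample data: team names keyed by email domain (hypothetical).
TEAMS_BY_DOMAIN = {"example.com": ["eng", "project-x"]}
SECRET = b"demo-only-key"   # assumption: a server-side secret, constructed here
TOKEN_TTL = 900             # seconds a mailed verification token stays valid


def domain_of(email):
    return email.rsplit("@", 1)[-1].lower()


def _mac(email, ts):
    msg = f"{email.lower()}|{ts}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def list_teams_unverified(email):
    """Flawed flow: the typed address alone decides which team names are shown."""
    return TEAMS_BY_DOMAIN.get(domain_of(email), [])


def issue_token(email, now=None):
    """Token that would be mailed to `email`; only the mailbox owner receives it."""
    ts = str(int(time.time() if now is None else now))
    return f"{ts}.{_mac(email, ts)}"


def list_teams_verified(email, token, now=None):
    """Hardened flow: team names are disclosed only after mailbox ownership is proven."""
    now = time.time() if now is None else now
    try:
        ts, mac = token.split(".", 1)
        age = now - int(ts)
    except ValueError:
        return []  # malformed token: disclose nothing
    valid_mac = hmac.compare_digest(mac.encode(), _mac(email, ts).encode())
    if not valid_mac or not 0 <= age <= TOKEN_TTL:
        return []  # forged, expired, or bound to another address
    return TEAMS_BY_DOMAIN.get(domain_of(email), [])
```
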
Slack says the visibility of those team names was not entirely its fault. In a statement, the company points out that team discoverability via…