Slack: Email information leakage for certain addresses

2016-09-17T05:54:02
ID H1:169992
Type hackerone
Reporter procode701
Modified 2016-10-31T19:00:38

Description

@procode701 discovered a bug related to a specific configuration with our third-party email infrastructure provider, which had the potential to leak certain information from email on non-product Slack domains for specific addresses. Slack applied a fix to the configuration and performed a thorough investigation around vulnerability scope and activity. Thanks @procode701!