Slack’s latest feature sparks company apology after just one day

Sign up to our free weekly IndyTech newsletter delivered straight to your inbox

Sign up to our free IndyTech newsletter

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy policy

Slack is having to take “immediate steps” in order to address a new feature the company introduced due to the potential for it to be used to send abusive messages.

Yesterday, the workplace messaging app announced Slack Connect – a way for members of any organisation to talk to those in other companies, as long as all members are using Slack.

Users would send an invitation, along with a message, to someone asking them to join a Slack chat; however, this invitation is sent via a generic ‘feedback’ Slack email address.

As such, users receiving abusive messages would have to weigh up whether to block all of Slack’s feedback emails in order to stop potential harassment, in contrast to traditional email addresses which are significantly more specific and easier to filter out.

Moreover, Slack sends the recipient the full content of the invitation, and it is as-yet unclear if there would be any way to stop a malicious individual from sending multiple invitations. The issue was highlighted by Twitter product employee Menotti Minutillo.

“After rolling out Slack Connect DMs this morning, we received valuable feedback from our users about how email invitations to use the feature could potentially be used to send abusive or harassing messages”, Jonathan Prince, the company’s vice president of communications and policy, reportedly said in emailed statements

“We are taking immediate steps to prevent this kind of abuse, beginning today with the removal of the ability to customize a message when a user invites someone to Slack Connect DMs.

“Slack Connect’s security features and robust administrative controls are a core part of its value both for individual users and their organizations. We made a mistake in this initial roll-out that is inconsistent with our goals for the product and the typical experience of Slack Connect usage.

“As always, we are grateful to everyone who spoke up, and we are committed to fixing this issue.”

Read more:

The Independent has reached out to Slack for more information about what steps are being taken, and why such testing was not conducted in the original instance.

Slack Connect is designed for business users, which starts at £5.25 per month - a small price to pay for individuals to flood the inboxes of their victims with abusive content.

TechCrunch reports that the feature is opt-in, but such a decision is made by IT administrators at the company; it is unclear whether individual users would be able to turn off the feature should they be the subject of harmful messages.

Slack is not the only company that has been criticised for inadequate testing of a new feature. Twitter, rolling out its Stories clone called ‘Fleets’, had to issue a delay due to a lack of security features.

Users were not informed when someone screenshots a fleet, and could be tagged by accounts that they had blocked without notification.