Passwords not visible to clients
The error occurred whenever a user sent or revoked an invitation link for their workspace: Slack then sent a hashed version of the user’s password to other workspace members. However, this hashed password was not visible to the Slack clients. To detect it, the encrypted network traffic coming from the Slack servers should have been actively monitored.
Slack was notified of the bug on July 17, 2022. It affected all users who acted with invitation links between April 17, 2017 and this time. After being notified by the security researcher, the underlying error was immediately corrected and the possible effects examined. The company sees no reason to believe that plain text passwords could have been leaked to unauthorized persons. The reset is purely a precautionary measure, according to a statement from Slack. The company recently announced that it would raise the price of the company chat Pro license.