You can now send a DM to anyone in Slack — that's the problem

You can now send a DM to anyone in Slack — that's the problem

Slack will allow users to send direct messages to people outside the company with the new Slack Connect DMs feature

The service was originally announced in October and is just getting started The goal is to ensure that companies working with partners and clients can communicate with each other, but there are many other possibilities

However, it could be seen as a bad move, just as publishing personal email addresses on 4chan is considered a very bad idea

Connect DMs work through Slack's Connect feature, which was released last year; adding DMs to the mix is the latest part of that

The good news is that not everyone with the right address can send a message, as with email or text messages

Connect DM works by sending a special link, forcing both parties to initiate a shared conversation Depending on how the business's Slack channel is set up, administrator approval may be required

Much of the outrage over this feature on Twitter focuses on the risk of abuse and spamming that comes from outsiders sending messages to private Slack channels These concerns are compounded by the fact that Slack does not have the option to block or report other users

However, there are also obvious security and privacy concerns, such as the fact that Slack does not encrypt messages and stores them indefinitely This includes direct messages, and if an employer subscribes to the Slack Plus plan, they have access to archived and exported messages

Direct messages sent between companies would also likely be included, and presumably those conversations would be available to administrators on both sides

But personal privacy is not the only issue

Remember the big Twitter hack last year? It was one in which celebrities tweeted nearly identical bitcoin scams

According to a New York Times investigation, it happened because a hacker broke into Twitter's private Slack channel There, dubbed "Kirk," he gained access to a service that allowed him to access Twitter's servers That access was reportedly used to initiate a crypto scam

This story has not been confirmed by Twitter, which declined to comment at the time However, it does illustrate what can happen when private access to Slack is given to a malicious person

Last week, an 18-year-old Florida man was sentenced to three years in prison for hacking that took place as a juvenile According to Florida authorities, he convinced Twitter employees that he was a Twitter employee and that he was qualified to access Twitter's internal systems

Connect DM does not give outsiders unfettered access to private Slack channels, but it does mean that there is another potential hole in security Slack may not be the most obvious target of hackers, but if they are able to access the wrong conversations Slack administrators should take note: "We have already seen what can happen if they succeed in gaining access to the wrong conversations

Slack Connect DM is rolling out to paid users today and will eventually be available "soon" to free users

Categories