Slack Releases Connect DMs Only To Disable Some Features Within Hours Following Fears Of Phishing, Harassment, And Malware Attacks

Last year, Slack announced the upcoming release of its latest offering, Slack Connect DMs. The new feature enables Slack users to send private messages to employees outside of their company. Designed for companies working with partners or clients, the service also enables people to use it to message friends at other companies.

Become a Subscriber

Please purchase a subscription to continue reading this article.

Subscribe Now

Connect DMs gives users the ability to send an invite to anyone with their work email address, and if the recipient opts-in, the new contact is added to their Slack sidebar.

However, within an hour of launching Connect DMs in March, Slack disabled the option to send a message alongside an invite due to concerns that the feature could be used to send abusive messages or enable harassment. This came after customers on Twitter begun complaining that Slack had made them vulnerable to spammers, phishers, and people looking to harass others.

In a 2018 survey conducted by Women Who Tech, Rad Campaign, and Lincoln Park Strategies, 28% of respondents said they've been bullied, harassed, or threatened online, or knew someone who experienced this. Among people 35 and younger, that percentage jumped to 55%. In the IT space, 59% of women of color and 43% of white women have experienced workplace discrimination, according to Ensono's Speak Up 2020 report.

Slack Connect was designed as an alternative to emails, connecting customers and partners to the company’s established communications systems. However, upon launching, users noticed that Slack was not filtering the custom text that could be added to the Connect DM invitations, and wasn’t limiting the amount that could be sent, making it the perfect breeding ground for spammers and harassers. While the feature didn’t allow people to send files when sending an invite, it was possible to direct a target to a channel containing malware or one that hosts links to attack sites.

In response to the feedback, Slack released a statement: “We made a mistake in this initial roll-out that is inconsistent with our goals for the product and the typical experience of Slack Connect usage. As always, we are grateful to everyone who spoke up, and we are committed to fixing this issue.”

While this mistake was corrected swiftly — and without any damage — it could negatively affect consumer confidence in Slack as an internal organization “safe zone” with its planned new features.