Slack Vulnerability Allowed Hackers to Hijack Accounts

A researcher earned $6,500 from Slack last year after finding a critical vulnerability that could have been exploited to hijack Slack accounts. Researcher Evan Custodio discovered in November 2019 that the enterprise collaboration platform's slackb.com domain was vulnerable to request smuggling attacks.