Slack
Team messaging platform. Not end-to-end encrypted — your employer and Salesforce can access messages.
What should journalists know about Slack?
Slack is the default newsroom messaging tool — and the worst place to discuss anything confidential. It is not end-to-end encrypted. Workspace admins can export messages. Salesforce (parent company since July 2021) can access data. Courts treat Slack messages identically to email in discovery.

In July 2024, the hacker group NullBulge exfiltrated 1.1TB from Disney's internal Slack — 44 million messages, 18,800 spreadsheets, 13,000 PDFs — via a compromised employee device. Disney moved its entire workforce to Microsoft Teams by Q2 FY2025. In November 2025, Nikkei confirmed attackers stole credentials from a malware-infected personal laptop and accessed Slack data for 17,368 employees and partners.

In August 2024, security firm PromptArmor demonstrated that Slack AI was vulnerable to indirect prompt injection — an attacker in the same workspace could exfiltrate private channel data via crafted messages. Slack initially called this "intended behavior" before patching it a week later. In May 2024, users discovered Slack had been quietly using customer data to train its ML models since September 2023, with opt-out requiring an email to feedback@slack.com. Slack later clarified that its generative AI features do not train on customer data, but its traditional ML models (search, recommendations) still use de-identified aggregate data by default.

For newsrooms, the calculus is simple: use Slack for logistics, never for journalism. Source names, sensitive tips, and confidential discussions belong on Signal or, for teams that need Slack-like features with end-to-end encryption, Element (Matrix) or self-hosted Mattermost.
Appropriate for: newsroom coordination, story assignments, non-sensitive team communication, integrations with editorial tools.
Not appropriate for: source communication, sensitive editorial discussions, or anything you would not want your employer, Salesforce, or a court order to reveal. Use Signal for those conversations.
Security & Privacy
Encrypted in transit (data is scrambled while being sent to their servers): yes, TLS 1.2+, but not end-to-end.
Encrypted at rest (data is scrambled when stored on their servers): yes, AES-256.
Server location (affects which governments can request your data): see the privacy policy summary below.
Privacy policy summary
Slack encrypts data in transit and at rest but is not end-to-end encrypted. Workspace owners and admins can export all messages, including DMs on paid plans with Compliance exports enabled. Salesforce, as the parent company, can access customer data.

Slack requires a search warrant before producing message content to law enforcement, and a subpoena or court order for non-content data (metadata, login records). Federal law prohibits Slack from producing content in response to civil subpoenas. Slack states it does not conduct real-time surveillance and is not eligible for FISA Section 702 upstream surveillance.

Traditional ML models (search ranking, channel recommendations, emoji suggestions) use de-identified aggregate customer data by default — opt-out requires workspace owners to email feedback@slack.com. Generative AI features (Slack AI add-on) do not train on customer data and use LLMs hosted on Slack's own AWS infrastructure.

Transparency reporting is published annually but lags — the most recent detailed report covers 2021. Deleted data persists in security backups for up to 14 days.
How to protect yourself:
Never discuss sources, tips, or sensitive editorial material on Slack — assume every message can be read by your employer, Salesforce, and potentially produced in court.

Minimize third-party app integrations: the Disney breach (1.1TB exfiltrated via a compromised employee device) and the PromptArmor Slack AI exploit both demonstrate that integrations and AI features are active attack surfaces. Audit connected apps quarterly via workspace admin settings.

If your newsroom uses Slack AI, understand that any workspace member could potentially exploit prompt injection to exfiltrate private channel data — disable Slack AI on channels with editorial sensitivity.

Opt out of ML training: have your workspace owner email feedback@slack.com with the subject line "Slack Global model opt-out request."

If your organization requires Slack, advocate for Enterprise Grid with Enterprise Key Management (EKM), which lets you control encryption keys via AWS KMS and revoke access if needed — but EKM is only available on Enterprise Grid (custom pricing). Set message retention policies to the shortest window your organization allows.

For sensitive conversations, use Signal (mobile) or Element/Matrix (team messaging with E2EE). For newsrooms that need self-hosted Slack alternatives, evaluate Mattermost (open source, self-hosted, popular with defense/government) or Element (Matrix protocol, end-to-end encrypted by default).
Encrypted in transit (TLS 1.2+) and at rest (AES-256), with SOC 2 Type II, SOC 3, ISO 27001 certifications. FedRAMP Moderate authorized since May 2020; GovSlack holds FedRAMP High authorization. Not end-to-end encrypted — Salesforce and workspace admins can read all messages. Enterprise Key Management (EKM) available only on Enterprise Grid, using AWS KMS for customer-controlled encryption keys. Three major real-world incidents in 18 months (Disney 1.1TB exfiltration, Nikkei 17K-user breach, Slack AI prompt injection) demonstrate that Slack's attack surface — particularly through integrations, AI features, and credential theft — is actively exploited. The May 2024 ML training controversy revealed Slack's default opt-in approach to data usage. Adequate for non-sensitive newsroom coordination. Not appropriate for any communication involving sources, confidential tips, or sensitive editorial material.
Who Owns This
Salesforce (parent company since July 2021).
Known issues
January 2024: The FTC issued guidance confirming Slack messages are subject to document preservation and production in regulatory investigations, the same as email.
May 2024: Users discovered Slack had been training ML models on customer data since September 2023, with opt-out buried behind an email request, triggering widespread backlash.
July 2024: Hacker group NullBulge exfiltrated 1.1TB from Disney's Slack — 44 million messages, 18,800 spreadsheets, 13,000 PDFs. Disney moved its entire workforce off Slack to Microsoft Teams by early 2025.
August 2024: Security firm PromptArmor disclosed an indirect prompt injection vulnerability in Slack AI that allowed data exfiltration from private channels. Slack initially dismissed it as "intended behavior" before patching. The risk increased after Slack AI began ingesting uploaded files on August 14, 2024, creating new injection vectors — meaning an attacker might not even need to be a workspace member.
November 2025: Nikkei confirmed attackers compromised its Slack workspace via malware-stolen credentials from an employee's personal laptop, exposing data for 17,368 employees and partners.
Also reported: A Slack-connected GenAI tool gained unauthorized administrative access to a linked Salesforce instance, demonstrating SaaS-to-SaaS integration risk.
Pricing
Free: 90 days of message history, 10 app integrations.
Pro: $8.75/user/month.
Business+: $12.50/user/month.
Enterprise Grid: custom pricing.
This is an editorial assessment based on publicly available information as of 2026-04-02, using our published methodology. Independent security review is pending. Security posture can change at any time. This is not a guarantee of safety.