While I understand how disclosing group names of customers is a bad idea, everyone here jumping on how serious of a security vulnerability this is is missing the fact that it is a feature, not a bug. It's not disclosing anything that was ever intended by the Slack UX designers to be undisclosed, they clearly thought about it and decided to make this tradeoff. This is arguably bad judgement, but it's far from the gross incompetence and negligence that most comments here seem to be frothing at the mouth to proclaim. These are group names, not any internal communication or private data. In a world of Shellshocks and 8-figure credit card thefts direct from PoS systems, there is simply no way this qualifies as a "serious security vulnerability".