Workspace configuration metadata disclosure

High
Slack

Team Summary

Official summary from Slack

Slack allows users to create a Workspace using the Get Started page, located at https://slack.com/get-started#/create. This process uses workspace metadata to direct the user-provided email address to existing Slack accounts. However, if a domain pertaining to an Enterprise customer is submitted during the Workspace creation process, the response from the Slack API will contain data about the Organization, such as its SSO provider, Enterprise ID, and the email address which the Organization uses to manage their Slack account. This allows an attacker to obtain metadata about Slack's Enterprise customers, by supplying the Organization’s email domain to the Workspace creation form.

Reported by kadusantiago

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Weakness

Information Disclosure