If you follow the lapsus telegram, you will see they are claiming they got AWS API keys from the corporate slack. That might be more dangerous than accessing the support console
I can see a Slack breach being far more damaging than policy should effectively permit it to be because plenty of people use it to share things they technically should not.