by tiglionabbit 4271 days ago
This is hardly an exploit. Since no authentication is required in order to see the chatroom listings for any domain, we must assume that they meant for their chatroom directory to be public information. This may not be what their customers are expecting, though...
2 comments

It's not listing chatrooms, it's listing teams. Very different. For example, at the company where I work we have two teams on Slack: Engineering and Marketing. Not really a problem if people find that out! The channel listing would potentially be more interesting, and this exploit does not allow you to see that (spoilers: it's "general", "random", and "cats").
It's information disclosure at its finest. Something you _really_ want to avoid in a sensitive environment - which company internal comms certainly is.
It's a minor degree of information disclosure -- hardly at its finest.