yeah so the same company. and given the type of attack have to have a lot of knowledge about usernames and what they may have potentially shared in some random private slack channel. I can understand why slack is not alarmed with this. would like to see their official response though

Same workspace != same company. It's not uncommon to have people from multiple organizations in the same workspace.

This makes the described attack seem even less interesting/dangerous. Thanks