In Slack between April 17, 2017 and July 17, 2022 if a shared invite link was created or revoked the hashed password of the user who created or revoked the link would have been disclosed in the invitation link, allowing an attacked viewing the invitation link to see the hashed password (also salted). Users have been advised to change their passwords.