
Seems like Slack has a problem

Maybe a dumping tool that uses a stolen API key? Rate limiting and monitoring on Slack’s part could help…



Whether you’re talking about enterprise file storage, email, or chat messaging software, they all have APIs and/or an admin user interface to allow retrieving any and all data to support eDiscovery.


Hardly Slack’s fault. With so many clients and so much money behind that, there’s such a big target on their back that shoring up defenses is fundamentally impossible. It’s probably best to just consider such services from such large providers as already compromised, and keep sensitive data off them entirely.


All their APIs are rate limited. Disney would have a Grid, and with Grids you get data dumps. The feature is normally used for litigation, and you need pretty high admin access to get a dump. They either found an exploit or they compromised an admin’s account.




