InformationTitleSecurity Notice: Potential Exposure of LeanData-Stored Integration CredentialsURL NameSecurity-Notice-Potential-Exposure-of-LeanData-Stored-Integration-CredentialsStep-by-StepSecurity Notice: Potential Exposure of LeanData-Stored Integration Credentials Update July 6, 2026 At this time, there remains no evidence of any additional impacted customers beyond the first two who reported it and we don’t anticipate any further impact. We are continuing our investigation and will provide a final RCA as soon as possible. Update July 7, 2026 At this time, there remains no evidence of any additional impacted customers beyond the first two who reported it and we don’t anticipate any further impact. We are continuing our investigation and will provide a final RCA as soon as possible. Update July 2, 2026 At this time, there remains no evidence of any additional impacted customers beyond the first two who reported it and we don’t anticipate any further impact. We are continuing our investigation and will provide a final RCA as soon as possible. Update July 1, 2026 At this time, there remains no evidence of any additional impacted customers beyond the first two who reported it and we don’t anticipate any further impact. We are continuing our investigation and will provide a final RCA as soon as possible. Update June 30, 2026 At this time, there remains no evidence of any additional impacted customers beyond the first two who reported it and we don’t anticipate any further impact. We are continuing our investigation and will provide a final RCA as soon as possible. Update June 29, 2026 At this time, there remains no evidence of any additional impacted customers beyond the first two who reported it and we don’t anticipate any further impact. We are continuing our investigation and will provide a final RCA as soon as possible. Update June 24, 2026 At this time, there remains no evidence of any additional impacted customers beyond the first two who reported it and we don’t anticipate any further impact. We are continuing our investigation and will provide a final RCA as soon as possible. Update June 23, 2026 At this time, there remains no evidence of any additional impacted customers beyond the first two who reported it and we don’t anticipate any further impact. We are continuing our investigation and will provide a final RCA as soon as possible. Update June 22, 2026 At this time, there remains no evidence of any additional impacted customers beyond the first two who reported it and we don’t anticipate any further impact. We are continuing our investigation and will provide a final RCA as soon as possible. Update June 19, 2026 At this time, there remains no evidence of any additional impacted customers beyond the first two who reported it and we don’t anticipate any further impact. We are continuing our investigation and will provide a final RCA as soon as possible. Update June 18, 2026 At this time, there remains no evidence of any additional impacted customers beyond the first two who reported it and we don’t anticipate any further impact. We are continuing our investigation and will provide a final RCA as soon as possible. Update June 17, 2026 At this time, there remains no evidence of any additional impacted customers beyond the first two who reported it and we don’t anticipate any further impact. We are continuing our investigation and will provide a final RCA as soon as possible. Update June 16, 2026 At this time, there remains no evidence of any additional impacted customers beyond the first two who reported it and we don’t anticipate any further impact. We are continuing our investigation and will provide a final RCA as soon as possible. Update June 15, 2026 At this time, there remains no evidence of any additional impacted customers beyond the first two who reported it and we don’t anticipate any further impact. We are continuing our investigation and will provide a final RCA as soon as possible. Update June 11, 2026 At this time, there remains no evidence of any additional impacted customers beyond the first two who reported it and we don’t anticipate any further impact. We are continuing our investigation and will provide a final RCA as soon as possible. Update June 10, 2026 At this time, there remains no evidence of any additional impacted customers beyond the first two who reported it and we don’t anticipate any further impact. We are continuing our investigation and will provide a final RCA as soon as possible. Update June 9, 2026 At this time, there remains no evidence of any additional impacted customers beyond the first two who reported it and we don’t anticipate any further impact. We are continuing our investigation and will provide a final RCA as soon as possible. Update June 8, 2026 At this time, there remains no evidence of any additional impacted customers beyond the first two who reported it and we don’t anticipate any further impact. We are continuing our investigation and will provide a final RCA as soon as possible. Update June 5, 2026 At this time, there remains no evidence of any additional impacted customers beyond the first two who reported it and we don’t anticipate any further impact. We are continuing our investigation and will provide a final RCA as soon as possible. Update June 4, 2026 At this time, there remains no evidence of any additional impacted customers beyond the first two who reported it and we don’t anticipate any further impact. We are continuing our investigation and will provide a final RCA as soon as possible. Update June 3, 2026 At this time, there remains no evidence of any additional impacted customers beyond the first two who reported it and we don’t anticipate any further impact. We are continuing our investigation and will provide a final RCA as soon as possible. Update: May 29, 2026 We are continuing to work with organizations using Slack or Cloudingo integrations to revoke and reauthorize the integrations through the LeanData dashboard to invalidate any potentially exposed tokens. If neither integration is authorized in your LeanData environment, you are not affected and don't need to take action. At this time, there remains no evidence of any additional impacted customers beyond the first two who reported it. We are continuing our investigation and will provide a full update as soon as possible. We are committed to transparency throughout this process. Customers with questions can reach our team at security@leandata.com. Update: May 28, 10:30 am Our investigation continues. We are continuing to work with organizations using Slack or Cloudingo integrations to revoke and reauthorize the integrations through the LeanData dashboard to invalidate any potentially exposed tokens. If neither integration is authorized in your LeanData environment, you are not affected and don't need to take action. At this time, we still have no evidence of any additional impacted customers beyond the first two who reported it. We are continuing our investigation and will provide a full update as soon as possible. We are committed to transparency throughout this process. Customers with questions can reach our team at security@leandata.com. Updates: May 22, 3:56pm PT After further investigation, we have narrowed down the risk of exposure from nine to two integrations: Slack and Cloudingo. We have reconfirmed there is no exposure on LeanData's Salesforce access tokens. If neither integration is authorized in your environment, you are not affected and don't need to take action. Our recommendation for any LeanData instance with either of these integrations authorized remains the same: Revoke and reauthorize the integrations above through the LeanData dashboard. This invalidates any potentially exposed tokens. Instructions are available here. Please note: BookIt is not impacted and calendars do not need to be reauthorized. At this time, we have not been notified of any additional impacted customers beyond the first two who reported it. To confirm what we know: There is no evidence of unauthorized access to customers’ Salesforce data or LeanData product dataWe believe the exposure is limited to a subset of third-party integrations; we are taking proactive action while the security investigation and response continuesRevoking and reauthorizing the affected integrations fully mitigates the risk We are continuing our investigation and will provide a full update next week. We are committed to transparency throughout this process. Customers with questions can reach our team at security@leandata.com. Update: May 22, 1:27pm PT On May 21 around 7:30pm PT, the email below was sent to LeanData Admins whose LeanData instance is connected to specific integrations. The recommended action was to revoke and reauthorize affected integrations as soon as possible. Step-by-step instructions were provided here. At this time, we have not been notified of any additional impacted customers beyond the first two who reported it. To confirm what we know: There is no evidence of unauthorized access to customers' Salesforce data or LeanData product dataWe believe the exposure is limited to a subset of third-party integrations; we are taking proactive action while the security investigation and response continuesRevoking and reauthorizing the affected integrations fully mitigates the risk We are continuing our investigation and will provide a full update next week. We are committed to transparency throughout this process. Customers with questions can reach our team at security@leandata.com. Original Message sent May 21, 2026, 7:24pm PT We're writing to inform you of a security matter that may affect your LeanData-managed integrations. We were alerted that two of LeanData customers' Slack integrations were compromised, likely by an external actor who obtained integration credentials. As the Slack integration can read your user/channel directory, and send messages from a customized display name (but not read them), leaked credentials would grant the same access until reauthorized.While our initial investigation indicates this is an isolated incident, we strongly recommend having your admin revoke and reauthorize all of your integrations as soon as possible to mitigate any risk to your organization. The following integrations connected with LeanData where encrypted credentials were stored in Salesforce should be re-authenticated: SlackMicrosoft TeamsOutreachSalesloft6senseDemandbaseCloudingoCrossbeam We strongly recommend the following actions, in priority order: Revoke and reauthorize the integrations above through the LeanData dashboard. This invalidates any potentially exposed tokens. Instructions are available here. Please note: BookIt is not impacted and calendars do not need to be reauthorized. Share this email with your security team so they can review your vendor-side audit logs for the affected integrations, if any, and flag any activity inconsistent with your normal usage patterns. We can share specific indicators of compromise (IOCs) on request, including the source IP we have observed in the above two cases. Please report any findings to us at security@leandata.com. Our investigation is in its early stages. To date we have identified no unauthorized access to LeanData product data, Salesforce data, or BookIt. The exposure is bound to the third-party integration credentials described above. We are continuing to monitor and will update you if our understanding changes. We are continuing to analyze potential vulnerabilities across our integrations and are committed to a thorough investigation and full transparency. We will provide a detailed update next week. We take security risks seriously and deeply apologize for the additional work this creates for your team. Sincerely, Kelvin Cheung Chief Information Security Officer LeanData