InformationTitleSecurity Notice: Potential Exposure of LeanData-Stored Integration CredentialsURL NameSecurity-Notice-Potential-Exposure-of-LeanData-Stored-Integration-CredentialsStep-by-StepSecurity Notice: Potential Exposure of LeanData-Stored Integration Credentials On May 21 around 7:30pm PT, the email below was sent to LeanData Admins whose LeanData instance is connected to specific integrations. The recommended action was to revoke and reauthorize affected integrations as soon as possible. Step-by-step instructions were provided here. At this time, we have not been notified of any additional impacted customers beyond the first two who reported it. To confirm what we know: There is no evidence of unauthorized access to customers' Salesforce data or LeanData product dataWe believe the exposure is limited to a subset of third-party integrations; we are taking proactive action while the security investigation and response continuesRevoking and reauthorizing the affected integrations fully mitigates the risk We are continuing our investigation and will provide a full update next week. We are committed to transparency throughout this process. Customers with questions can reach our team at security@leandata.com. Original Message sent May 21, 2026, 7:24pm PT We're writing to inform you of a security matter that may affect your LeanData-managed integrations. We were alerted that two of LeanData customers' Slack integrations were compromised, likely by an external actor who obtained integration credentials. As the Slack integration can read your user/channel directory, and send messages from a customized display name (but not read them), leaked credentials would grant the same access until reauthorized.While our initial investigation indicates this is an isolated incident, we strongly recommend having your admin revoke and reauthorize all of your integrations as soon as possible to mitigate any risk to your organization. The following integrations connected with LeanData where encrypted credentials were stored in Salesforce should be re-authenticated: SlackMicrosoft TeamsOutreachSalesloft6senseDemandbaseCloudingoCrossbeam We strongly recommend the following actions, in priority order: Revoke and reauthorize the integrations above through the LeanData dashboard. This invalidates any potentially exposed tokens. Instructions are available here. Please note: BookIt is not impacted and calendars do not need to be reauthorized. Share this email with your security team so they can review your vendor-side audit logs for the affected integrations, if any, and flag any activity inconsistent with your normal usage patterns. We can share specific indicators of compromise (IOCs) on request, including the source IP we have observed in the above two cases. Please report any findings to us at security@leandata.com. Our investigation is in its early stages. To date we have identified no unauthorized access to LeanData product data, Salesforce data, or BookIt. The exposure is bound to the third-party integration credentials described above. We are continuing to monitor and will update you if our understanding changes. We are continuing to analyze potential vulnerabilities across our integrations and are committed to a thorough investigation and full transparency. We will provide a detailed update next week. We take security risks seriously and deeply apologize for the additional work this creates for your team. Sincerely, Kelvin Cheung Chief Information Security Officer LeanData
