Data Security Incident – Support Ticket Data vs. Support Case Management System

​@davz We received the same notification and I’m reading it now and try to understand the effects of it.
To me the information Docebo offers in the notification is bit limited and hard to grasp. 
For starters, as they state in the message that “We are contacting you to inform you of a data security incident that may have involved your business contact data.” I would like to be sure have we involved or not as that makes a big difference.

So far, I haven’t heard anything else from Docebo on top the message they sent but what I’ll do is to forward it to our information security team and they can contact Docebo with specific follow-up questions and demanding further investigation on how this happened etc.

To me it sounds like that Docebos’ own support systems has not been compromised and it’s the third party ones that are which may not be accessible to us and is used by Docebo support in the backend. Thats who I understand that since they don’t state the name of the system.

Would be good to get a more information to this from Docebo!

This may be helpful, I asked Co-Pilot to ‘Tell me what this means?’

 

Summary of the Incident Notification from Docebo

What Happened

• A third-party provider (used by Docebo for customer engagement) experienced a security breach.
• Attackers accessed tokens that allowed them to query Docebo’s CRM system (Customer Relationship Management).
• This happened between August 13–18, 2025.
• Docebo was one of the affected customers, but your LMS (Learning Management System) platform was not accessed or compromised.

What Data Was Potentially Exposed

The data that may have been accessed includes:

• Business contact details (e.g. name, work email, phone number)
• Technical support ticket content
• Billing information

No sensitive personal data (like passwords, payment info, or government IDs) was involved.

What Docebo Has Done

• Disabled the third-party CRM integration immediately.
• Started a forensic investigation with external experts.
• Is working with the third-party provider and CRM security teams.
• Is improving monitoring and token security across integrations.

What You Should Do

• No action is required from you right now.
• As a precaution, stay alert for suspicious emails and report anything unusual to privacy@docebo.com.

Reassurance

• The issue was not with Docebo’s LMS or support systems.
• Docebo is taking steps to strengthen its security and will update you once the investigation is complete.

Per company protocol, we have submitted the email we received from Docebo to our Security Team. I recommend  you do the same.

Yep, my security team is across it… It’s just not clear to me what support ticket content was compromised. For example, a Docebo support consultant accessed my account and put in one of my customer’s email addresse in a support ticket as an example. Does that mean my customer’s email address was exposed in the hack?

Because in the email it said support ticket data was hacked, but the Support Case Management System wasn’t hacked. Was my support ticket data in the Support Case Management System or somewhere else?

I’m a confused :)

Does that mean my customer’s email address was exposed in the hack?

Im wondering the same thing as it little bit conflicting how they state the issue.

We have all types of data in the support tickets based on what the issue on each case has been. As well, like ​@davz mentions, we have given an example cases to the support which has been our customers so do we need to consider that customer information has been leaked!?

To me it sounds like Docebo does not know what the full impact is and therefore, their statement comes across really broad and no specific details are said.

Hello everyone, thank you for bringing these questions and concerns regarding the recent data security incident involving our CRM platform. 

It’s important to submit any further questions to security@docebo.com for our Security team to review. They will follow up with any additional details that they can provide at this time. 

In the meantime, we encourage you to remain alert to the possibility of phishing attempts or suspicious emails that may reference your contact information.   

We understand that security is a top priority and are committed to keeping you informed and supported.

For everyone following this, other companies were hit as well. I got the same notification from MadCap software :(

With that said, I really do commend the Docebo staff: Austin Spence and Vikki Dziuma. They’ve been VERY HELPFUL! They provided me all the info I needed for moving forward. Now I know which of my support tickets would have been compromised and who I should be contacting on my side to let them know their details may have been compromised.

Here is what they told me:

 

Docebo has clarified that their CRM platform is separate from their support case management system, which is still fully operational and was not compromised.

Here’s what that means for support tickets:

• Tickets handled through the support case system → Only the first comment from a ticket may have been included. No attachments were compromised.

• Technical support chats → These may include more back-and-forth details, so a larger portion of the chat history could have been affected.

• Certain technical support cases (via Salesforce CRM) → In these situations, the full text of the case may have been impacted, but again, attachments were not included.
   

​@davz Thank you for providing what you have been told, much appreciated!

One last detail before I stop spamming this board 😁:

According to Docebo support, if an image appears in a support ticket, it’s still classified as an attachment even it’s not listed in the attachment list in the support ticket. Since attachments were not part of the compromised data, those images would not have been exposed.