A note from the Pipeboard team

Hi there,

A short update on a security event upstream and what we did about it. Our hosting provider, Vercel, reported a security incident on April 19, 2026 in which an attacker had temporary access to some of their internal systems through a compromised third-party tool. Vercel has confirmed the issue is contained and that sensitive, encrypted credentials were not exposed.

In line with our security practices, we rotated credentials and keys across our systems — the Pipeboard web app, the Meta Ads and Google Ads integrations, our MCP servers, and our reporting pipeline — so that anything that could have been touched is now replaced.

What this means for you

• Your ad accounts are safe. Your connections to Meta and Google were not at risk from this incident.
• Your data is safe. We have no indication that any Pipeboard customer data was accessed.
• You may have seen some brief hiccups. Rotating credentials briefly disrupted parts of the product. A few of you may have noticed slower reports, connections that needed to be reconnected, or the occasional error message. Thanks for bearing with us.

Everything is back to normal, and we are verifying each system to make sure nothing was missed.

Why we acted quickly

Even with no confirmed exposure on our side, rotating credentials after an upstream notice is the right call. A short window of turbulence is a fair trade for the extra assurance.

We are here to help

If anything is still not working right for you — a broken connection, a missing report, a campaign you are not sure about — please reach out. We will make it right.

Just head to /support and our team will get back to you quickly.

Thank you for trusting us with your advertising. We do not take that lightly, and we are grateful for your patience this week.

— The Pipeboard team