At first Strike was refusing to admit and claimed no leak from their side. But I guess they did some more digging, cause now they sent out a message admitting it might've come from one of their third-party vendors.
I have never users this service before; but its good that the news have gotten out, it should help those that are using the service become more cautious of how the interacts with mails coming in; because if those that have access to the leaked mail have any ill intentions they might be able to use them.
And for those that are using unique email for the service that is they created an email address specifically for that service then they might be able to change it and then discard the previous one to avoid any mistakes but those that do share their emails with other services should be cautious.