HubSpot, a popular marketing and sales platform, discovered on March 18th that a bad actor had hacked into a HubSpot employee account. While the HubSpot investigation is still ongoing and further information is being gathered, preliminary findings indicate that data was exported from fewer than 30 HubSpot portals, all of which have been contacted. HubSpot believes that this is a targeted attack aimed at customers in the cryptocurrency sector at this time.
Data was obtained from fewer than 30 portals according to HubSpot, but the company didn’t specify which accounts were hacked.
Cryptocurrency companies spend a lot of money on cybersecurity, but third-party vendors might still be targeted by hackers. Circle, BlockFi, Pantera Capital, NYDIG, and other big crypto businesses said their user data had been hacked over the weekend.
HubSpot alerted the companies that a hacker had acquired access to their customers personal data, according to emails sent to clients.
HubSpot is Pantera’s client relationship management platform. According to Pantera Capital, the information that may have been accessed includes first and last names, email addresses, mailing addresses, phone numbers, and regulatory classifications.
Pantera further stated that the incident had no impact on its “internal systems,” and that the hacker did not gain access to any Social Security numbers or government IDs provided by clients.
Customers’ funds, financial transaction data, and know your customer (KYC) data were not compromised in the instance of Circle, but clients contact information was stolen, according to the company.
The attack was described by HubSpot as a targeted incident aimed at customers in the cryptocurrency business, with a “bad actor” gaining access to an employee’s account.
The identities of some of the affected companies have instead been revealed as a result of the companies themselves notifying their customers, which is a common practise intended to both warn customers and reduce legal exposure from such incidents, which can result in class action lawsuits and fines from regulators such as the Federal Trade Commission.
Because HubSpot hasn’t acknowledged how much data was stolen, the full scope of the incident is still unknown. However, given the fact that companies like BlockFi and Circle have millions of consumers, the attack might have been significant.