HubSpot Hack Leads to Data Breaches at BlockFi, Swan Bitcoin, NYDIG and Circle

seksan Mongkhonkhamsao

A data breach at HubSpot, a tool used by many companies to manage marketing campaigns and on-board new users, has affected BlockFi, Swan Bitcoin, NYDIG and Circle.

However, all the companies said their operations were not affected and their treasuries were not at risk.

  • HubSpot is a customer relationship management (CRM) tool used to store users’ names, phone numbers and email addresses for marketing purposes, and measure the effectiveness of marketing campaigns.

  • While user information was leaked to hackers, the affected companies said passwords and other internal information were not affected. In outreach emails seen by CoinDesk, the companies said HubSpot is an external tool and hackers did not gain access to internal systems.

  • HubSpot said the breach was the result of a bad actor getting access to an employee account and using it to target stakeholders in the cryptocurrency industry.

  • The company said 30 clients were affected, but has not published a full list.

  • Some users have reported receiving an uptick in phishing emails from the companies over the weekend, attempting to lure them into entering their passwords on a fake site.

  • In 2020, BlockFi suffered a breach after an employee’s SIM card was compromised and ported over to an unauthorized user. After 2020’s attack, BlockFi hired a new chief security officer.

  • Crypto venture capital firm Pantera Capital said in February that its Hubspot account had been compromised, and followed up with an email to its clients on March 19.

  • At this time, a timeline of events is unknown as HubSpot has not said when its systems were compromised.

UPDATE (March 21, 11:56 UTC): Adds NYDIG, Circle to headline.