HubSpot hack leads to multiple Web3 and crypto company data breaches

22 Mar 2022

Image: © Oulaphone/Stock.adobe.com

Crypto companies including Swan Bitcoin and BlockFi confirmed they are among the 30 companies that suffered a data breach.

Multiple Web3 and crypto companies have been affected by a data breach at HubSpot, a marketing and sales platform that stores customer information.

HubSpot said on Saturday (19 March) that it became aware of a compromised employee account the previous day. The company believes data was exported from around 30 of its clients, “all of whom have been notified”.

Future Human

A full list of the affected clients has not been published, but the company said it appeared to be a “targeted incident focused on customers in the cryptocurrency industry”.

Crypto companies including Swan Bitcoin and BlockFi confirmed that some data had been accessed as a result of this incident. Other companies such as NYDIG, Pantera Capital and Circle have also been reported as being among the affected clients.

HubSpot provides a customer relationship management (CRM) platform for marketing, sales and content management services.

It said that a “bad actor” compromised a HubSpot employee account and was able to use its privileges to access customer information and export contact data from a small number of HubSpot customer accounts.

“We have terminated access for the compromised HubSpot employee account and removed the ability for other employees to take certain actions in customer accounts,” HubSpot said in a blog post. “We take the privacy of our customers and their data incredibly seriously.”

While it is unclear what the attacker planned to do with this information, Coindesk reported that some users saw an uptick in phishing emails over the weekend, attempting to lure them into putting their passwords into a fake company website.

HubSpot said it will continue an investigation into the incident and that additional information may cause the facts to “change or evolve”. The company also said any customers of the affected companies should reach out to them for information on “what data was shared and any necessary steps they need to take”.

HubSpot has more than 135,000 companies in around 120 countries using its software for marketing, sales and customer service, with customers including the World Wildlife Fund, Reddit, Suzuki, Trello, VMware and SoundCloud.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Leigh Mc Gowran is a journalist with Silicon Republic

editorial@siliconrepublic.com