Hubspot kept user data such as names, email addresses, and phone numbers as a third-party provider for BlockFi, which has previously been used to perform phishing attacks.
BlockFi, a cryptocurrency financial institution situated in New Jersey, disclosed a data breach issue involving one of its third-party providers, Hubspot. BlockFi’s proactive notification of the breach tries to dissuade unscrupulous actors from repurposing user data for fraudulent purposes.
The notification states that the hackers obtained access to BlockFi’s client data on Friday, March 18, which was kept on Hubspot, a customer relationship management platform:
“Hubspot has confirmed that an unauthorized third-party gained access to certain BlockFi client data housed on their platform.”
Hubspot kept user data such as names, email addresses, and phone numbers as a third-party provider for BlockFi. Historically, unscrupulous actors have exploited this information to execute phishing attacks and acquire access to user-provided password-protected accounts.
Regarding recent third-party data incident: pic.twitter.com/50z7IrQ1za
— BlockFi (@BlockFi) March 19, 2022
At the time of writing, BlockFi was assisting Hubspot’s investigation in order to acquire clarity on the data breach’s overall impact. While the specifics of the compromised data have not been identified or disclosed, BlockFi informed consumers that sensitive data — like passwords, government-issued identification, and social security numbers — “were never saved on Hubspot.”
Additionally, BlockFi has confirmed that no access to its internal system or client funds occurred, and that the vulnerability remained isolated to the third-party vendor Hubspot.
Additionally, the organization recommended four techniques for consumers to secure their online presence from malicious actors: strong password hygiene, two-factor authentication (2FA), allowing trusted applications to be listed, and vigilant against scammers.
Finally, BlockFi recognized that time is critical and has accelerated their investigations to determine the extent of the breach:
“Additional information will be emailed to all impacted clients in the coming days.”
Investors are encouraged to exercise caution with any firm communication, particularly those that need immediate action in requesting/changing personal information, such as passwords and wallet addresses.
Rare Bears, a freshly established nonfungible token (NFT) initiative, was attacked on Friday, March 18, resulting in the theft of over $800,000 in NFTs.
🚨 Warning 🚨@BearsRare
Discord has unfortunately been compromised. Please DO NOT click any links, connect your wallet and block all incoming DMs in our discord. Our team are working on the situation as we speak 🙏🏼
— Rare Bears (@BearsRare) March 17, 2022
Disclaimer: These are the writer’s opinions and should not be considered investment advice. Readers should do their own research.