HubSpot has been hit by a hacking attack. Hackers managed to steal data from about 30 customers. Especially crypto companies were affected.
According to the supplier of CRM solutions, hackers managed to penetrate the systems via a compromised account of an employee. This gave them access to customers’ systems, from which they managed to steal data. How the attack came about is not yet known. HubSpot is still investigating.
30 affected customers
The attack affected approximately 30 HubSpot portals of US customers only. The customers that were attacked are active in cryptocurrency. Customers who reported being affected include Circle Internet Financial, BlockFi Lending, Pantera Capital, New York Digital Investments Group and Swan Bitcoin.
The data purloined by the hackers mainly involves customer contact information. The affected company BlockFi indicates that the hackers did not capture any account passwords, government ID numbers or Social Security numbers. The company further indicates that the stolen data mainly concerns names, email addresses and telephone numbers of customers.
Measures taken by HubSpot
HubSpot has meanwhile taken measures to prevent further exploitation of the leak. The accounts of the affected employees have been closed. Also, the permissions that other employees had for accessing customer accounts to perform various activities have now been revoked. HubSpot allows employees to access customer accounts for maintenance activities and support.