HubSpot, a Cambridge, Mass.-based provider of CRM, sales and marketing software, confirmed that hackers targeted customers in the cryptocurrency industry in a cybersecurity attack reported March 18, 2022.
The “bad actor,” as HubSpot reported, compromised a HubSpot employee account. The company's initial assessment suggested that data was exported from fewer than 30 HubSpot portals, all of which have been notified.
HubSpot added that it terminated access for the compromised employee account and removed the ability for other employees to take certain actions in customer accounts.
“We take the privacy of our customers and their data incredibly seriously,” HubSpot officials said.
“While our investigation is ongoing, we wanted to share these initial findings even as we may learn additional facts through our investigation that cause the details above to change or evolve.”
HubSpot: Contact Data Was Target
HubSpot reported that the bad actor was attempting to access contact data, and details on the bad actor’s actions were provided to affected customers.
“Some employees have access to HubSpot accounts,” HubSpot officials added. “This allows employees such as account managers and support specialists to assist customers. In this case, a bad actor was able to compromise an employee account and make use of this access to export contact data from a small number of HubSpot accounts.”
Affected Customers: Marketing Data Compromised
One of the affected customers, Swan Bitcoin, confirmed in a March 19, 2022 tweet that the bad actor gained access to its client marketing data.
Cory Klippsten, CEO of Swan Bitcoin, wrote in a letter to customers that HubSpot stores data his company relies on to onboard new and prospective clients. His team’s investigation confirmed unauthorized access to a subset of Swan customer data held at HubSpot.
Data included:
- Names
- Emails
- Addresses
- Account types (personal, business or retirement)
- Phone numbers
- Company names (in some cases)
“The Swan team has taken proactive measures that include adding enhanced monitoring to all accounts and rotation of all API keys,” Klippsten wrote. “We believe this was a targeted attack on marketing third parties, such as HubSpot, and will continue to vigilantly monitor all activity.”
Klippsten on March 22, 2022, reported an update on the HubSpot incident.
“Approximately 0.2% of the dataset included a limited historical snapshot of USD deposits,” Klippsten said. “The inclusion of this data occurred against company policy, and we have conducted a full post-mortem to ensure this cannot happen in the future. Approximately 1.2% of the dataset included clients’ intended investment range or the median net worth of their approximate geographic area.”
We previously announced that our client communications vendor, Hubspot, was hacked. After an additional forensic investigation of the Hubspot data leak, we found more information to report. Please see the attached screenshots for the details. pic.twitter.com/htFsLHomRX
— Swan Bitcoin (@SwanBitcoin) March 22, 2022
Another affected customer, BlockFi, tweeted confirmation on March 18, 2022, that hackers gained access to client data housed on the HubSpot platform. It confirmed that account passwords, government-issued ID numbers and social security numbers were not compromised.
Regarding recent third-party data incident: pic.twitter.com/50z7IrQ1za
— BlockFi (@BlockFi) March 19, 2022
Breach Highlights Sensitive Data Concerns
Surges in technological advancements create the perfect environment for cybercrime to flourish, according to Camellia Chan, CEO and founder of X-PHY, a Flexxon brand. Chan told CMSWire of the HubSpot incident, “Unfortunately, this isn’t terribly surprising.”
“With the rapid development of digital currencies was sure to come a rise in the cybersecurity risks associated with it,” she added. “This incident spotlights a much wider issue — the quantity of sensitive data that these types of organizations store across the enterprise.
“Continuing to be unprotected puts not only a specific business at risk, but threatens the potential growth, development and future success of the entire digital currency industry. As such, the leaders of, and security teams at these companies need to quickly find reliable solutions to stop themselves from falling victim.”
Cryptocurrency Systems an Intended Target
This isn’t the first time cryptocurrency systems have been subjected to hacker attacks and cybersecurity breaches. Chainalysis reported in January that North Korean cybercriminals in 2021 launched at least seven attacks on cryptocurrency platforms. The take? Nearly $400 million worth of digital assets.
Investment firms and centralized exchanges were the primary targets. Hackers used phishing lures, code exploits, malware and advanced social engineering to steal money from internet-connected “hot” wallets and transfer it to North Korean-controlled addresses, according to Chainalysis.
Earlier this month, the US Treasury Department warned cryptocurrency companies about their cybersecurity controls, fearing Russia could conduct cyber attacks in response to Western sanctions over its invasion of Ukraine.
Cybersecurity attacks continue to threaten other verticals, too, such as healthcare. The Office for Civil Rights (OCR) in a March 17, 2022 cybersecurity newsletter reported that throughout 2020 and 2021, hackers have targeted the healthcare industry seeking unauthorized access to valuable electronic protected health information (ePHI).
The number of breaches of unsecured ePHI affecting 500 or more individuals due to hacking or IT incidents increased 45% from 2019 to 2020. Further, the number of breaches due to hacking or IT incidents accounted for 66% of all breaches affecting 500 or more individuals reported to OCR in 2020.
The most common types of attacks include phishing emails, exploitation of known vulnerabilities and weak authentication protocols.
“If an attack is successful,” OCR officials wrote, “the attacker often will encrypt a regulated entity’s ePHI to hold it for ransom, or exfiltrate the data for future purposes including identity theft or blackmail.”