Crypto financial firm BlockFi confirmed a data breach incident at one of its third-party vendors, Hubspot. As per the announcement, the hackers gained illegal access to the lending platform’s data on Mar. 18, which was hosted on its client relationship management platform Hubspot.
Hubspot has confirmed that an unauthorized third-party gained access to certain BlockFi client data housed on their platform.
As a third-party vendor for BlockFi, Hubspot stores user data such as names, email addresses, and phone numbers. In a situation like this, bad actors often target such information for conducting phishing attacks and gaining access to accounts through user-provided passwords.
BlockFi clarifies that personal data were “were never stored on Hubspot”
BlockFi revealed that at the moment it is working together with Hubspot to understand the overall impact of the data breach. While the exact details of the incident are not specified, the crypto lender reassured users that extremely sensitive data such as passwords, government-issued IDs, and social security numbers “were never stored on Hubspot.”
The firm further recommended four methods to help users protect their online presence from bad actors such as creating strong passwords, two-factor authentication [2FA], allowing only listing trusted applications, and being more vigilant against scammers.
BlockFi then ended the post by acknowledging that time is of the essence and the team is speeding up their investigations to identify the extent of the breach and noted that “additional information will be emailed to all impacted clients in the coming days.”
Investors were further asked to keep tabs on future communication, especially with regards to requesting/changing personal details including passwords and wallet addresses.
A few months ago, a similar incident took place in one of the largest cryptocurrency exchanges -Crypto.com. CEO Kris Marszalek in an interview with Bloomberg informed that the exchange suffered a security breach that affected 400 accounts in the process.
Marszalek said the platform “very quickly stopped” unauthorized withdrawals and restrictions were lifted within 14 hours. Obviously, it’s a great lesson and we are continuously strengthening our infrastructure,” Marszalek told. “Given the scale of the business, these numbers are not particularly material and customer funds were not at risk.”