BlockFi confirms unauthorized access to Hubspot-hosted client data.
Hubspot, as a third-party vendor for BlockFi, stored user data such as names, email addresses, and phone numbers, which has historically been used in phishing attacks.
BlockFi, a crypto financial institution based in New Jersey, confirmed a data breach incident through one of its third-party vendors, Hubspot. BlockFi’s proactive breach notification aims to deter bad actors from repurposing user data for fraudulent purposes.
Hubspot stored user data such as names, email addresses, and phone numbers as a third-party vendor for BlockFi. Historically, bad actors have used such information to launch phishing attacks and gain access to accounts via user-supplied passwords.
At the time of writing, BlockFi is assisting Hubspot’s investigation to determine the extent of the data breach. While the specifics of the breached data have yet to be identified and revealed, BlockFi reassured users by emphasising that personal data, such as passwords, government-issued IDs, and social security numbers, “were never stored on Hubspot.”
Furthermore, BlockFi has confirmed that neither its internal system nor client funds were accessed, and that the breach was limited to the third-party vendor, Hubspot.
The company also advised users to practise good password hygiene, two-factor authentication (2FA), allowlisti trusted applications, and be wary of scammers.
Investors are cautioned to be wary of any company communication, particularly those that demand immediate action in requesting/changing personal information such as passwords and wallet addresses.
