Hacking HubSpot compromised customer data from Circle, BlockFi, Pantera Capital and other crypto services – DiarioBitcoin

US authorities capture nuclear engineer after receiving cryptocurrencies for the sale of secret plans - DiarioBitcoin

Hacking HubSpot compromised customer data from Circle, BlockFi, Pantera Capital and other crypto services - DiarioBitcoin By Angel Di Matteo @shadowargel

Reports suggest that a phishing attack targeting a member of Hub Spot It was the mechanism used by the hacker who stole the data of the affected companies. The latter notified their users to take the corresponding measures.


Recent published reports revealed that companies such as Circle, BlockFi, Pantera Capital, NYDIG and many others from the cryptocurrency space were victims of a security breach in which hackers stole data associated with the users of the services in question.

Theft of user data Hub Spot

According to published reports, the companies reported that the security breach was present at the marketing and sales company level. Hub Spot, which provides services to the affected entities. Therefore, the security breach was made through a third party, which was the victim of an attack where the data was stolen.

In the mail sent by Capital Panther, The entity informed its users of the following:

“Pantera uses Hubspot as a relationship management platform for customers… The information you may have accessed [el hacker] includes first and last names, email addresses, zip codes, phone numbers, and regulatory classifications.”

Among other details, Pantera highlighted that its “Internal Systems” were not affected in the incident, so the responsible hacker could not access any of the data handled by the company, among which important information such as social security or government identification numbers stand out.

See also  US Federal Reserve decrees a new increase of half a percentage point in interest rates - DiarioBitcoin

By the side of Circle, the company similarly informed its users and indicated that the clients’ contact information was stolen and added:

“Customer funds, financial transaction data and information associated with the Know Your Customer (KYC) system were not affected”

Some facts about the attack

Regarding the attack perpetrated against Hub Spot, The company offered more details about the event in a publication made through its official blog, where it indicated that it took place last weekend and that a possible attack of the type is being handled as a hypothesis. phishing led by one of the employees.

The post reads:

“On March 18, we learned that a bad actor compromised a HubSpot employee account. While our investigation is still ongoing and we continue to obtain additional details, initial assessment suggests that the data was exported from fewer than 30 HubSpot portals, all of which have been reported. At this time, we believe this is an incident targeting customers in the cryptocurrency industry. We’ve terminated access to the compromised HubSpot employee’s account and removed the ability for other employees to perform certain actions on customer accounts. We take the privacy of our customers and their data very seriously.”

As such Hub Spot It did not reveal which companies were affected after the attack, but this information was released because the same entities notified their users through emails to alert them to what had happened. At the moment, the global scope of the attack is not clear, since at the moment the amount of data that was stolen is unknown.

See also  Tech Experts Urge Washington to Turn Its Back on Crypto 'Lobbyists'

In this regard, the founder of the antiphishing service used by cloudflare, Oren Falkowitz noted:

“It is obvious that the main cause of the attack against HubSpot was phishing. Phishing attacks continue to be the root cause of 95% of phishing attacks. What’s so pernicious about these types of attacks…that HubSpot fell victim to, is that they start a cycle of more phishing, which is already being reported by HubSpot customers.”

Usefulness of data for hackers

Regarding the destination of the data, analysts hypothesize that hackers could be interested in marketing them through dark web forums, a very common practice in which they are sold to the highest bidder for generally criminal purposes.

However, since the theft targeted companies such as Circle and BlockFi, It is believed that they could also use this contact information to try to steal passwords and other data that can be used to access the accounts, with which they would try to get hold of the funds of the users.

Recommended reading

Source: Decrypt, hubspot release

Angel Di Matteo version / DailyBitcoin

Picture of unsplash

WARNING: This is an informative article. DiarioBitcoin is a means of communication, it does not promote, endorse or recommend any investment in particular. It is worth noting that investments in crypto assets are not regulated in some countries. May not be suitable for retail investors as the full amount invested could be lost. Check the laws of your country before investing.

See also  US Secret Service has seized more than $102 million in cryptocurrencies since 2015 - DiarioBitcoin

Leave a Comment

Your email address will not be published.