HubSpot hacked, putting major crypto firms at risk

Data on more than two dozen crypto firms stolen

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

HubSpot suffered a cyberattack that saw data belonging to a number of high-profile cryptocurrency businesses taken, the company confirmed.

In ablog post, HubSpot said that a bad actor compromised an account of one of its employees, and used it to target its customers in the cryptocurrency industry.

HubSpot claims data was exported from “fewer than 30 HubSpot portals,” and that the company notified all affected firms, terminated the account, and reworked its account privileges to make sure something like this doesn’t repeat.

We’re looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn’t take more than 60 seconds of your time. Thank you for taking part.

Click here to start the survey in a new window«

Pantera, Circle, BlockFi affected

Although HubSpot did not say which companies were affected, some media managed to discover a few names.Decryptpublished a letter that Pantera Capital, an American hedge fund that specializes in cryptocurrencies, sent out to its customers, which said “Pantera uses Hubspot as a client relationship management platform. The information that may have been accessed includes first and last names, email addresses, mailing addresses, phone numbers, and regulatory classifications,”

Pantera added that its internal systems weren’t affected, and that the threat actor didn’t access social security numbers, or government IDs belonging to its customers.

Other companies, according to the same source, include Circle, BlockFi, and NYDIG. The full extent of the breach will probably be clear in the coming days and weeks, althoughDecryptbelieves it could be “major”.

Hackers are minting their own crypto to use in elaborate phishing scams>Hackers hit bZX DeFi platform, stealing millions of dollars of crypto>Hundreds of NFTs stolen from OpenSea wallets - here’s what you need to know

Circle told its customers that the threat actor took client contact information, but funds, financial transaction data, and Know Your Customer (KYC) data were not taken.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“While our investigation is ongoing, we wanted to share these initial findings even as we may learn additional facts through our investigation that cause the details above to change or evolve,” HubSpot concluded.

No one has yet claimed responsibility for the attack, and we don’t know what they’ll do with the data, or how exactly HubSpot’sendpointsgot compromised. Chances are, they’ll try to sell it on the black market, where other threat actors might use it for stage-two attacks.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

A new form of macOS malware is being used by devious North Korean hackers

Scammers are using fake copyright infringement claims to hack businesses

Quordle today – hints and answers for Saturday, November 9 (game #1020)