HubSpot hack compromised customer data from Circle, BlockFi, Pantera Capital and other crypto services

Reports suggest that a phishing attack targeted at a member of HubSpot was the mechanism used by the hacker who stole the data from the affected companies. The latter notified their users to take the corresponding measures.

***

Recent published reports revealed that companies such as Circle, BlockFi, Pantera Capital, NYDIG and many others in the cryptocurrency space were victims of a security the term securities refers to a fungible and tradable financial instrument that carries a type of monetary value. breach in which hackers stole data associated with users of the services in question.

Theft of user data to HubSpot

According to published reports, the companies reported that the security breach was present at the company’s marketing and sales level. HubSpot, which provides service to the affected entities. Therefore, the security breach was done through a third party, which was the victim of an attack where the data was stolen.

En el correo enviado por Capital capital is most commonly defined as the large sum of money you would use to invest. Panther, the entity informed its users of the following:

“Pantera uses Hubspot as a relationship management platform a place to buy, sell and store cryptocurrency for customers… The information [the hacker] may have accessed includes first and last names, email addresses, zip codes, phone numbers, and regulatory classifications.”

Among other details, Pantera emphasized that their “Internal Systems were not affected in the incident, so the hacker responsible was unable to access any of the data handled by the company, including important information such as social security numbers or government identification numbers.

On the side of Circle, the company similarly informed its users and indicated that customer contact information was stolen and added:

“Customer funds, financial transaction data and information associated with the Know Your Customer (KYC) system were not affected.”

Some facts about the attack

In relation to the attack perpetrated against HubSpot, the company offered more details about the event in a publication made through its official blog, where it indicated that this took place last weekend and that it is handled as a hypothesis a possible attack of type Phishing when a scammer pretends to be a trusted institution or person to trick people into revealing sensitive information such as Social Security numbers, passwords, banking details, etc., often through a malware link disguised as legitimate. directed one of the employees.

The publication reads:

“On March 18, we learned that a bad actor compromised a HubSpot employee’s account. While our investigation is still ongoing and we continue to obtain additional details, initial assessment suggests that data was exported from fewer than 30 HubSpot portals, all of which have been notified. At this time, we believe this is an incident targeting customers in the cryptocurrency cryptocurrencies are digital currencies that use cryptographic technologies to secure their operation. industry. We terminated the account an account is essentially a whose purpose is to track the financial activities of a specific asset/ access of the HubSpot employee who was compromised and removed the ability for other employees to perform certain actions on customer accounts. We take the privacy of our customers and their data very seriously.”

As such HubSpot did not reveal which companies were affected after the attack, but this information became known because the same entities notified their users through emails to alert them about what happened. At the moment, it is not clear the global scope of the attack, since the amount of data that was stolen is unknown at the moment.

In this regard, the founder of the anti-phishing service used by Cloudflare, Oren Falkowitz, destacó:

“It is obvious that the root cause of the HubSpot attack was phishing. Phishing attacks continue to be the root cause of 95% of phishing attacks. What’s so pernicious about these types of attacks…that HubSpot fell victim to, is that they start a cycle of more phishing, which is already being reported by HubSpot customers.”

Usefulness of data for hackers

Regarding the destination of the data, analysts hypothesize that the hackers could be interested in commercializing it through dark web forums, a very common practice in which the data is sold to the highest bidder for generally criminal purposes.

However, given that the theft was directed at companies such as Circle y BlockFi, It is believed that they could also use this contact information to try to steal passwords and other information that could be used to log into accounts, in an attempt to get their hands on users’ funds.

• Ukrainian government cancels airdrop a marketing campaign that distributes a specific cryptocurrency or token to an audience. after reports of phishing threat, now plans to launch NFTs non-fungible token, a unique non-interchangeable piece of digital content that is stored on a distributed ledger (blockchain).
• OpenSea confirms phishing attack, but says it did not originate from its platform
• Binance CEO warns users about massive SMS phishing scam a scheme that is designed to dupe people out of cash or crypto.

Source: Decrypt , announcement HubSpot

Version by Angel Di Matteo / DiarioBitcoin

Imagen de Unsplash