Latest news about Bitcoin and all cryptocurrencies. Your daily crypto news habit.
As a third-party vendor for BlockFi, Hubspot stored user data such as names, email addresses and phone numbers, which has been historically used for conducting phishing attacks.
New Jersey-based crypto financial institution BlockFi confirmed a data breach incident via one of its third-party vendors, Hubspot. BlockFiâs proactive warning about the breach aims to deter the intentions of bad actors in repurposing the user data for fraudulent activities.
According to the announcement, the hackers gained access to BlockFiâs client data on Friday, March 18, that were stored on Hubspot, a client relationship management platform:
âHubspot has confirmed that an unauthorized third-party gained access to certain BlockFi client data housed on their platform.â
As a third-party vendor for BlockFi, Hubspot stored user data such as names, email addresses and phone numbers. Historically, bad actors have used such information for conducting phishing attacks and gaining access to accounts through user-provided passwords.
Regarding recent third-party data incident: pic.twitter.com/50z7IrQ1za
â BlockFi (@BlockFi) March 19, 2022
At the time of writing, BlockFi is supporting Hubspotâs investigation to gain clarity on the overall impact of the data breach. While the exact details of the breached data are yet to be identified and revealed, BlockFi reassured users by highlighting that personal data â including passwords, government-issued IDs and social security numbers â âwere never stored on Hubspot.â
In addition, BlockFi has also confirmed that its internal system and client funds were not accessed and that the breach remains limited to the third-party vendor, Hubspot.Â
The company further recommended four methods to help users protect their online presence from bad actors â good password hygiene, two-factor authentication (2FA), allowlisti trusted applications and vigilance against scammers.
On an end note, BlockFi acknowledged that time is of the essence and are expediting their investigations to identify the extent of the breach:
âAdditional information will be emailed to all impacted clients in the coming days.â
Investors are advised to be wary of all company communication, especially that demand urgency in requesting/changing personal details including passwords and wallet addresses.
Related: Rare Bears Discord phishing attack nabs $800K in NFTs
On Friday, March 18, the recently launched nonfungible token (NFT) project âRare Bearsâ was attacked, resulting in a theft of nearly $800,000 in NFTs.
Warning @BearsRare
Discord has unfortunately been compromised. Please DO NOT click any links, connect your wallet and block all incoming DMs in our discord. Our team are working on the situation as we speakâ Rare Bears (@BearsRare) March 17, 2022
As Cointelegraph reported, the attack was conducted by a hacker who posted a phishing link in the projectâs Discord channel and eventually stole 179 NFTs.
Publication date
Disclaimer
The views and opinions expressed in this article are solely those of the authors and do not reflect the views of Bitcoin Insider. Every investment and trading move involves risk - this is especially true for cryptocurrencies given their volatility. We strongly advise our readers to conduct their own research when making a decision.