Security News > 2022 > March > HubSpot Data Breach Ripples Through Crytocurrency Industry

A rogue employee working at HubSpot - used by more than 135,000 customers to manage marketing campaigns and on-board new users - has been fired over a breach that zeroed in on the company's cryptocurrency customers, the company confirmed on Friday.

The breach has rippled through the crypto industry: As of Monday, crypto lending platform BlockFi, bitcoin-purchasing automation platform Swan Bitcoin, bitcoin company NYDIG, peer-to-peer payments technology company Circle and cryptocurrency fund Pantera Capital had been affected.

Threatpost asked HubSpot for a full list of affected HubSpot cryptocurrency customers, as well as confirmation of what superpowers its super admins have over customer data stored in the customer relationship management platform.

HubSpot said that it learned on Friday that a "Bad actor" had compromised a HubSpot employee account - namely, what sounds like one of the 'super admin' accounts HubSpot has on both internal and external sides of its platform, according to another HubSpot super admin - and that the attack was focused on stealing data from its cryptocurrency industry customers.

At least initially, it looked like data swept up in the breach was limited to names, emails, account types, phone numbers and, in some cases, company names, Swan said.

Are there operational processes that can limit potential data exposure from a breach of a partner like maximum data retention lifetimes?

News URL

https://threatpost.com/hubspot-data-breach-crytocurrency-industry/179086/