BlockFi, a crypto-finance company based in New Jersey, says that one of its third-party vendors, Hubspot, has committed a user data breach. Previously, users of CoinMarketCap (CMC) and Crypto.com have been victims of a security hack. BlockFi’s proactive warning about the breach serves as a deterrence to potential attackers from using the user data for fraudulent purposes.
Unauthorised Access To User Data Via HubSpot
According to the company’s announcement on Twitter, the hackers gained illegal access to some of its customer data on Friday, March 18. The data was stored on Hubspot, a Customer Relationship Management (CRM) tool for sales, marketing purposes and customer support services. The announcement reads:
“Hubspot has confirmed that an unauthorized third-party gained access to certain BlockFi client data housed on their platform.”
Regarding recent third-party data incident: pic.twitter.com/50z7IrQ1za
— BlockFi (@BlockFi) March 19, 2022
Hubspot, one of BlockFi’s third-party vendors, kept information about users like their names, emails, and phone numbers. In the past, bad people have used the data to run phishing attacks and get unauthorised access to user accounts via user-provided passwords.
Speed Up Investigation Into The Data Breach
As of the time of this writing, the crypto financial institution is working with Hubspot to gain clarity on how the data breach will affect users and the whole company. There are still a lot of unknowns about what happened to the data that was leaked. But BlockFi reassured users that personal data like government-issued IDs, passwords, and social security numbers “were never stored on Hubspot.”
BlockFi has also said that its internal system and client funds were not hacked and that the breach is still only with the third-party vendor, Hubspot.
Good password hygiene, two-factor authentication (2FA), allowlisting for BlockFi and vigilance against scammers were recommended to protect your online presence.
Here are steps to protect your online presence from third-party bad actors: pic.twitter.com/tOKf16wOuf
— BlockFi (@BlockFi) March 19, 2022
In addition, BlockFi said that time is of the essence, so they are speeding up their investigation to find out the extent of the breach:
“Additional information will be emailed to all impacted clients in the coming days.”
Investors should be alert for all company communication, especially in emergency situations where users request or change personal information such as account passwords and wallet addresses.