BlockFi Records Data Breach on Hubspot of its Third-Party Vendor
BlockFi, an American cryptocurrency platform to buy, sell and earn crypto, has confirmed that some of its client's data stored on Hubspot, a Customer Relationship Management platform, have been compromised.
Confirming the incident on Twitter, BlockFi said the compromised data were limited to name, email addresses, and phone numbers.
BlockFi said it proactively informs its affected clients of the incident, which is suspected of being tilted toward a phishing attack before the bad actors attempt to utilize the stolen data. The investigation regarding the hack is still ongoing. The platform confirmed that it does not store the most sensitive data, including BlockFi's account and its passwords, information of government-issued ID cards, and social security numbers on Hubspot; hence these are safe.
In a bid to allay all fears, BlockFi confirmed that no user's funds were stolen as the breach remains only with Hubspot. The platform advised its users to beware of emails sent with a demand in urgency to change passwords and the likes. The company asked its users to implement additional safeguards to improve their accounts' security.
As part of the recommendations BlockFi gave is the activation of Two-Factor Authenticator (2FA), the permission of the platform's 'Allowlisting' feature places withdrawal on at least a 7-day hold should a new address be listed for withdrawal. The platform said this can significantly protect its clients from being exploited by bad actors.
In whatever format they come, hacking or protocol breaches are not uncommon in the digital currency ecosystem, especially amongst cryptocurrency exchanges and Decentralized Finance (DeFi) platforms. Earlier this year, Singapore-based Crypto.com suffered the first major crypto exchange breach for the year as far back as January. This incident impacted about 400 accounts with more than $34 million lost.
Per the BlockFi-Hubspot breach, the platform said continuous collaborations would be advanced, and affected clients would be updated about discoveries in the near term.
Image source: Shutterstock
400 Crypto.com Accounts Hacked, CEO Confirms Reimbursement for all Victims