New Jersey-based crypto financial institution BlockFi confirmed a data breach incident via one of its third-party vendors, Hubspot. BlockFi’s proactive warning about the breach aims to deter the intentions of bad actors in repurposing the user data for fraudulent activities.
According to the announcement, the hackers gained access to BlockFi’s client data on Friday, March 18, that were stored on Hubspot, a client relationship management platform:
“Hubspot has confirmed that an unauthorized third-party gained access to certain BlockFi client data housed on their platform.”
As a third-party vendor for BlockFi, Hubspot stored user data such as names, email addresses and phone numbers. Historically, bad actors have used such information for conducting phishing attacks and gaining access to accounts through user-provided passwords.
Regarding recent third-party data incident: pic.twitter.com/50z7IrQ1za
— BlockFi (@BlockFi) March 19, 2022
At the time of writing, BlockFi is supporting Hubspot’s investigation to gain clarity on the overall impact of the data breach. While the exact details of the breached data are yet to be identified and revealed, BlockFi reassured users by highlighting that personal data — including passwords, government-issued IDs and social security numbers — “were never stored on Hubspot.”
In addition, BlockFi has also confirmed that its internal system and client funds were not accessed and that the breach remains limited to the third-party vendor, Hubspot.
The company further recommended four methods to help users protect their online…