A data breach at a third-party platform has put BlockFi’s users’ data in the hands of bad actors. The incident adds to a growing list of problems for the cryptocurrency platform.
The Data Breach
BlockFi disclosed to the general public that it had suffered a data breach over the weekend that put customers’ data in jeopardy. The announcement clarified that the breach was from Hubspot, a client relationship management platform that housed clients’ data.
BlockFi allayed the fears of its users by stating that the funds of clients were not affected in any way. “We can also confirm that BlockFi account passwords, government-issued ID numbers, and social security numbers were never stored on Hubspot,” read the announcement.
The firm added that the purpose of the announcement was for users to be aware and take further steps to protect themselves. The post suggested tips for users to adhere to maintaining the absolute security of their accounts. They include the practice of good password hygiene, use of two-factor authentication, and turning on Allowlisting for BlockFi.
BlockFi added that it was working with Hubspot to get the finer details of the hack and stated that it will be sending new information to the emails of affected users. In 2020, BlockFi suffered a major breach after an employee’s sim card was compromised, leading to the employment of a new Chief Security Officer.
Hubspot’s Bad Day
Hubspot was used to store the information of users such as names, emails, and phone numbers with the primary aim being marketing. The breach affected Swan Bitcoin and BlockFi the hardest, although both companies have downplayed the incidents as having any real effects.
However, some users have reported an increase in the number of phishing emails. Hubspot disclosed that 30 companies were affected by the attack with Pantera Capital announcing back in February that its account on the platform had been affected by a breach.
Early reports are suggestive that the cause was a hacker gaining access to the account of an employee and using the access on cryptocurrency firms. Hubspot failed to disclose the timeline of events and so, it is difficult to ascertain the time the incursions into the systems began.
