BlockFi, a crypto financial institution based in New Jersey, confirmed a data breach incident through one of its third-party providers, Hubspot. Hubspot, which stores user data, is the target of many malicious hackers.
Hacks infiltrated the cryptocurrency platform
As a third-party vendor of BlockFi, Hubspot stores user data such as names, email addresses, and phone numbers. Malicious people, on the other hand, use this information to make phishing attacks and access accounts through passwords set by users. Hackers accessed customer data stored on BlockFi’s customer relationship management platform Hubspot on Friday, March 18, according to the announcement:
Hubspot has confirmed that an unauthorized third party has accessed some BlockFi customer data located on their platform.
BlockFi is supporting Hubspot’s investigation to gain clarity on the scope of this data breach. While the exact details of the stolen data have not been revealed yet, BlocFi assured users that personal data, including passwords, government-issued IDs and social security numbers, is not stored on Hubspot.
How did hacks get past the firewall?
BlockFi announced that one of its third-party providers, Hubspot, was responsible for a security vulnerability that occurred on Friday. Through a series of tweets, the company claimed that the attacks had no impact on internal systems or, more importantly, on customer cash. The company also said that an investigation is ongoing to determine the full extent of the impact of the data breach. According to the agency, consumers will be informed about data breaches, in line with the philosophy of transparency, before using information obtained by bad people against customers.
Finally, BlockFi stated that time is of the essence and accelerated their investigation to determine the extent of the data breach:
Detailed information will be sent to our affected customers via e-mail in the coming days.
On the other hand, investors are advised to be wary of all company communications that require urgency to request or change personal information, especially passwords and wallet addresses.