The crypto financial institution situated in New Jersey BlockFi reported a data leak via Hubspot, one of its third-party providers. BlockFi’s proactive incident notice is intended to dissuade malicious actors from repurposing user data for illicit reasons.
Regarding recent third-party data incident: pic.twitter.com/50z7IrQ1za
— BlockFi (@BlockFi) March 19, 2022
The hackers allegedly gained access to the platform’s client information stored on Hubspot, a client relationship management platform, on Friday, March 18.
“Hubspot has confirmed that an unauthorized third-party gained access to certain BlockFi client data housed on their platform,” the announcement says.
BlockFi said the attack was limited to Hubspot
Being a third-party provider for BlockFi, Hubspot held user data like names, email addresses, and phone numbers. Bad actors have previously used this information to carry out phishing attacks and obtain access to accounts using user-provided passwords.
BlockFi is assisting Hubspot’s investigation into the overall effect of the security breach at the time of writing. While the specific circumstances of the data breach are yet unknown, BlockFi comforted users by stating that personal information such as passwords, government-issued IDs, and social security numbers “were never stored on Hubspot.”
Furthermore, BlockFi has also confirmed that neither its administrative system nor client funds were touched and that the hack was limited to Hubspot, a third-party vendor.
Good password hygiene, two-factor authentication (2FA), allowing trustworthy applications, and awareness against scammers are among the four techniques recommended by the company to assist customers to protect their online presence from malicious actors.
Finally, BlockFi acknowledged that they are taking the matter seriously and moving quickly to determine the scope of the breach:
“Additional information will be emailed to all impacted clients in the coming days.”
Investors should be careful of any company communication that demands immediate action in requesting/changing personal information, such as passwords and wallet addresses.
As TheCoinRise reported, a newly launched NFT project Rare Bears was attacked on March 18, resulting in the loss of roughly $800,000 in NFTs. The attack was carried out by a hacker who used a phishing link on the project’s official Discord channel to steal 179 NFTs.
These attacks happened shortly after Animoca Brands promised compensation for 265 stoken ETH in the NFT drop on its Discord channel.