With the growing adoption of blockchain technology, and the explosion of crypto in the last few years, the issue of Cyber Security has never been more important.
Over the past weekend Sales & Marketing platform, Hubspot, released a security report revealing an incident where approximately 30 Hubspot portals were hacked and data compromised.
“At this time, we believe this to be a targeted incident focused on customers in the cryptocurrency industry. We have terminated access for the compromised HubSpot employee account and removed the ability for other employees to take certain actions in customer accounts. We take the privacy of our customers and their data incredibly seriously.”
HubSpot Press Release
The report continued that an investigation is ongoing but would not go in to further details. It is interesting that the cryptocurrency industry was the specific target of this attack. As of now, cryptocurrency players BlockFi, Circle, Pantera Capital and NYDIG have all confirmed that they were alerted as being affected by the hack.
Go Phish
The security breach appears to have been a phishing attack to get personal information on customers and clients from the above companies. Information that may have been obtained includes: first and last names, email addresses, mailing addresses, phone numbers, and regulatory classifications.
HubSpot has not given more details as to how much data was compromised. However, given that companies like BlockFi and Circle have large customer bases, it’s possible this was a major data breach.
“It’s obvious that the root cause of the cyber attack against HubSpot was phishing. Phishing attacks continue to be the root cause of 95% of cyberattacks,”
Oren Falkowitz, founder of anti-phishing service Area 1, said in an interview with Decrypt.
Phishing In Dangerous Waters
You might be thinking “how can someone’s name and email address be compromising?”.
While having someone’s basic personal information may seem like no cause for alarm, possession of this information can lead to targeted attacks.
Usually bad actors with this information will contact the person via email or text and pretend to be from a legitimate company and attach a malicious link. If the person falls for this then they can unknowingly open up their entire financial and personal access to malicious actors. The information can then be sold along and the person is re-targeted by another group.
“What’s so pernicious about these types of attacks, and the lack of accountability of holders of so much identity data, such as HubSpot, is that they initiate a cycle of more phishing, which is already being reported by HubSpot customers.”
Falkowitz (continued from above)
How Secure Are You in CyberSpace?
Data breaches, ransomware, phishing hacks & DoS attacks continue to make headlines. While big headline events like the $11M Ransomware Attack in 2021 are eye catching, individual consumers should be just as concerned about the increasing number of phishing attacks that put their own information at risk to bad actors.
One of the more well-known incidents involved the Ledger Cold Wallet database of customers. That phishing attack resulted in customers being contacted well over 12 months after the incident via malicious text messages and emails.
As consumer data continues to be sought by bad actors, trusting centralized parties with your personal information may not be the best strategy going forward. In fact, this is one of the arguments made by crypto enthusiasts who are passionate about decentralization. As centralization can cause a single point of failure (or exploit), consumers should be careful and cautious about giving out personal information unless mandatory. Even then, consider the company in question and take all variables into account.
For a comprehensive overview of staying safe in Crypto, take the security check DeFi Security: Best Practices.
