The New Jersey-based crypto financial firm BlockFi confirmed a data breach incident via Hubspot, one of its third-party vendors. BlockFi’s proactive warning about the breach aims to deter the bad actors from misusing the data for fraudulent activities.
According to the Twitter announcement, on March 18, the hackers gained unauthorized access to BlockFi’s client data stored on Hubspot. Hubspot stores user data such as names, phone numbers, and email addresses as a third-party customer relationship management platform. In situations like this, the bad actors use the information to conduct large-scale phishing attacks and gain access to accounts with user-provided passwords.
Regarding recent third-party data incident: pic.twitter.com/50z7IrQ1za— BlockFi (@BlockFi) March 19, 2022
At the moment, BlockFi is working with Hubspot to gain clarity on the overall impact of the data breach. While the exact details of the incident are yet to be revealed, the crypto lending platform assured its users that sensitive data such as passwords, government-issued IDS, and social security numbers “were never stored on Hubspot.”
In addition, BlockFi announced that its internal system and client funds were not touched, and the breach is limited to the third-party vendor, Hubspot. Furthermore, the firm recommended four methods to users for protecting their online presence from bad actors. These include creating a strong password, enabling two-factor authentication (2FA), allowing only trusted applications, and being vigilant against scammers.
On an ending note, BlockFi acknowledged that time is an important factor, and the team is speeding up their investigation to find the extent of the breach. The company added, “Additional information will be emailed to all impacted clients in the coming days.” BlockFi users were further advised to be wary of all company communications, especially regarding changes of personal details like passwords and wallet addresses.
A few months ago, another crypto lending and borrowing platform, Crypto.com, experienced a similar incident. In an interview, Crypto.com CEO Kris Marszalek revealed that the platform suffered a security breach, affecting 400 user accounts. However, the team quickly reacted by stopping all unauthorized withdrawals and investigating the breach. In fact, the withdrawal restrictions were lifted within just 14 hours.