New Jersey-based cryptocurrency financial organization BlockFi has confirmed a data breach incident through one of its third-party vendors, Hubspot. BlockFi’s Proactive Violation Alert is intended to deter attackers from repurposing user data for fraudulent activities.
According to the announcement, hackers got access to BlockFi customer data on Friday, March 18 that was stored on Hubspot, a customer relationship management platform:
“Hubspot has confirmed that an unauthorized third party has gained access to certain BlockFi client data hosted on their platform.”
As a third party provider of BlockFi, Hubspot stores user data such as names, email addresses, and phone numbers. Historically, attackers have used such information to carry out phishing attacks and gain access to accounts using user-provided passwords.
Regarding the recent third-party data incident: pic.twitter.com/50z7IrQ1za
— BlockFi (@BlockFi) March 19, 2022
At the time of writing, BlockFi is supporting the Hubspot investigation to clarify the overall impact of the data breach. While the exact details of the stolen data are yet to be revealed and disclosed, BlockFi assured users, emphasizing that personal data, including passwords, government-issued IDs, and social security numbers, “has never been stored on Hubspot.”
In addition, BlockFi also confirmed that there was no access to its internal system and client funds and that the breach remains limited to the third party provider, Hubspot.
The company also recommended four methods to help users protect their online presence from intruders: careful password hygiene, two-factor authentication (2FA), a list of trusted apps, and vigilance against scammers.
BlockFi concluded by acknowledging that time is of the essence and is speeding up its investigations to determine the extent of the breach:
“More information will be emailed to all affected customers in the coming days.”
Investors are advised to be wary of all company communications, especially those that require urgency when requesting/changing personal data, including passwords and wallet addresses.
Connected: Rare Bears Discord phishing attack stole $800,000 in NFTs
On Friday, March 18, the newly launched Rare Bears non-fungible token (NFT) project was attacked, resulting in the theft of almost $800,000 in NFTs.
A warning @bearsrare
Discord has unfortunately been compromised. Please DO NOT click on any links, connect your wallet and block all incoming DMs in our discord. Our team is working on the situation as we speak.— Rare Bears (@BearsRare) March 17, 2022
As Cointelegraph reported, the attack was carried out by a hacker who posted a phishing link on the project’s Discord channel and ended up stealing 179 NFTs.