Hacker Stole Customer Data From Circle, BlockFi And More

A hacker stole customer data from Circle, BlockFi, and other portals according to the report by Hubspot but there wasn’t a detailed list provided of which accounts were compromised so let’s read more in today’s latest cryptocurrency news.

Crypto companies invest in cybersecurity but hackers can still barge in and attack their third-party vendors. This is what happened to Circle, Pantera Capital, BlockFi, NYDIG, and other crypto companies that disclosed over the weekend that a hacker stole customer data. In emails to clients, the companies noted that Hubspot which is a marketing and sales platform had informed them that a hacker gained access to the personal data of the customers. Pantera Capital wrote:

“Pantera uses Hubspot as a client relationship management platform. … The information that may have been accessed includes first and last names, email addresses, mailing addresses, phone numbers, and regulatory classifications.”

Pantera added that its internal systems were not affected by the incident that the hacker didn’t manage to gain access to any Social Security Numbers or any sort of IDs provided by customers. Hubspot described the attack as a targeted incident focused on customers in the crypto industry, saying that a bad actor compromised the employee’s account. Hubspot added that the data was exported from less than 30 HubSpot portals but didn’t provide a list of clients that got their accounts compromised.

The identities of the affected companies were made known as a result of the companies themselves alerting the customers whcih is a common practice intended to warn those customers and to reduce legal exposure from these incidents and some of which resulted in class action suits while others resulted in fines from regulators like the Federal Trade Commission. The full extent of the hack is unclear so far because Hubspot hasn’t disclosed how much data was dote but given the likes of Blockfi and Circle have millions of customers and it is possible the hack was big.

The company wrote that the customers’ funds and the financial transaction data and KYC were not affected but added that the clients’ contract information got stolen. It is unclear what the hacker aims to do with the data and in many cases, the hackers sell the customer data on dark web forums where criminals buy it to carry out even further hacks or phishing scams. In the case of the Hub spot incidents, it is possible that the hacker could use contact information like email addresses to guess the victims’ passwords and steal their crypto.

The emails from Circle referred to phishing as well but it didn’t say directly that it motivated the attack.