New Jersey-based crypto-financial institution BlockFi confirmed a data breach incident through one of its third-party providers, Hubspot. BlockFi’s proactive warning about the breach is intended to deter malicious intent to reuse user data for fraudulent activity.
According to the AnnouncementOn Friday, March 18, the hackers gained access to BlockFi’s customer data stored on Hubspot, a customer relationship management platform:
“Hubspot has confirmed that an unauthorized third party has gained access to certain BlockFi client data residing on their platform.”
As a third-party vendor to BlockFi, Hubspot has stored user data such as names, email addresses, and phone numbers. In the past, malicious parties have used such information to conduct phishing attacks and gain access to accounts through user-supplied passwords.
With regard to a recent third-party data incident: pic.twitter.com/50z7IrQ1za
— BlockFi (@BlockFi) March 19, 2022
At the time of writing, BlockFi is supporting Hubspot’s investigation to clarify the overall impact of the data breach. While the exact details of the breached data have yet to be identified and disclosed, BlockFi reassured users by emphasizing that personal information — including passwords, government-issued IDs, and Social Security numbers — “is never stored on Hubspot.”
In addition, BlockFi has also confirmed that the internal system and customer funds have not been used and that the breach is limited to the third-party supplier, Hubspot.
The company further recommended four methods to help users protect their online presence from malicious parties: good password hygiene, two-factor authentication (2FA), trusted applications on the allow list and vigilance against scammers.
Finally, BlockFi recognized that time is of the essence and are speeding up their investigations to identify the extent of the breach:
“Additional information will be emailed to all affected customers in the coming days.”
Investors are advised to be wary of all corporate communications, especially when it calls for urgency in requesting/changing personal information, including passwords and wallet addresses.
Related: Rare Bears Discord Phishing Attack Hits $800K in NFTs
On Friday, March 18, the newly launched nonfungible token (NFT) project Rare Bears was attacked, resulting in the theft of nearly $800,000 worth of NFTs.
Unfortunately, Discord has been compromised. Please DO NOT click any links, plug in your wallet and block all incoming DMs in our discord. Our team is currently working on the situation
— Rare Bears (@BearsRare) March 17, 2022
As Coin-Crypto reported, the attack was carried out by a hacker who posted a phishing link in the project’s Discord channel and ended up stealing 179 NFTs.