HubSpot hit by hackers in search of cryptocurrency
Boston-area software company HubSpot said hackers stole data from “fewer than 30″ of its corporate customers who deal with cryptocurrency.
HubSpot’s software helps companies with online sales and marketing, and the hackers stole contact information of individual customers. The information included in some cases names, e-mail and mailing addresses, and phone numbers.
HubSpot said in a statement it learned on Friday that “a bad actor compromised a HubSpot employee account.” The company added, “At this time, we believe this to be a targeted incident focused on customers in the cryptocurrency industry.”
The company did not disclose when the data was initially stolen. The hackers were able to get access to the information of HubSpot’s customers by compromising an employee account, it said, because some employees, such as account managers and support specialists, had access to the data.
HubSpot said it terminated the compromised account and “removed the ability for other employees to take certain actions in customer accounts.”
The stolen information could be used as part of an attack to steal cryptocurrencies from customers by helping the crooks pose as the companies. Sending fake e-mails trying to steal a customer’s account login and password is known as a phishing attack.
Among the companies hit were Boston crypto company Circle Internet Financial, BlockFi, based in New Jersey, and Pantera Capital in California.
“Circle’s internal systems, customer funds and financial transaction data were not impacted by the security incident at HubSpot,” Circle said in a statement. “Sensitive personal information, like Social Security numbers or government-issued identification, were not accessed as this information is not stored on HubSpot. We have communicated with the affected parties and will follow up with them on any material developments as we continue to monitor and investigate the incident.”
BlockFi, which helps customers buy and sell crypto, said in a statement its internal systems and client funds “are safeguarded and were not impacted.”
“We wanted to make our clients aware of this incident before bad actors could utilize this information to their detriment,” the company said. “We felt time was of the essence, and we are expediently working through a full review of the facts.”
Pantera Capital did not immediately respond to a request for comment.
Shares of Cambridge’s HubSpot lost about 5 percent on Monday and have lost 29 percent so far this year.
Aaron Pressman can be reached at [email protected]. Follow him on Twitter @ampressman.