HubSpot is a popular CRM tool that many companies use to store their users’ details, such as phone numbers, names, email addresses, etc. These companies use the information they collect to facilitate their marketing attempts. They also use them to monitor the success of their marketing campaigns.
So, it’s not surprising that hackers will target the tool because they need those personal details to perpetrate all kinds of exploits targeting those users whose details they have.
This is the major reason for the hit on HubSpot. Unfortunately, many companies who use the tools expose their users to cybercriminals. Some of the companies affected by the hack include Circle, BlockFi, NYDIG, and Swan Bitcoin.
Presently, the HubSpot team is saying that what the hackers took was user information stored in their tool. But as for internal information such as passwords, the team said they’re safe. This is possible because the hackers could not access that information since HubSpot is an external tool.
Details Of The HubSpot Hack
From what the company said, it seems that the hacker aims to exploit stakeholders of these companies and make demands on them. The hacker accessed one of the HubSpot employee accounts and used it to reach out to his targets. He has already reached up to 30 clients, and the number is still counting.
We also learned that many of the users of the affected companies are reporting phishing attacks already. The uptick is a target or a lure to expose their password to the attacker via an infected website. This is typical of what these phishing emails do. It will redirect users to a fake website and demand their password, automatically exposing their details to hackers.
There have been other incidents like this on HubSpot. For example, two years back, BlockFi also faced this situation when one of the employees’ SIM cards was taken over by a hacker. As a result of the incident, BlockFi employed a Chief Security Officer to prevent such things from happening.
Apart from BlockFi, Pantera Capital also faced this situation last month, and many of its clients got Phishing emails on March 19th, 2022. With all these occurrences, this hack may have occurred even before now. But the company hadn’t revealed when it took place.
Featured image from Pixabay, chart from TradingView.com