BlockFi, the New Jersey-based cryptocurrency financial facility, has confirmed a data breach case through one of its third providers, Hubspot. BlockFi's warnings about the breach are intended to deter the intentions of bad actors to take advantage of users' data for phishing.
According to the announcement, the hackers gained access to BlockFi's customer data on Friday. These data are stored on Hubspot, a customer relationship management platform: "Hubspot has confirmed that a third party has illegally accessed BlockFi customer data stored on their platform."
As a third-party provider to BlockFi, Hubspot stores data about customers such as names, email addresses, and phone numbers. Bad guys have long used this information to carry out fake attacks and access accounts from users' passwords.
Regarding recent third-party data incident: pic.twitter.com/50z7IrQ1za
— BlockFi (@BlockFi) March 19, 2022
At the time of the announcement, BlockFi is assisting Hubspot's investigations to shed light on the impact of this data breach. While the exact information of the compromised data has not been identified and disclosed, BlockFi reassured users by stressing that personal data — including passwords, government-issued id numbers and Social Security numbers — "have never been stored on Hubspot."
In addition, BlockFi also confirmed that its internal system and customer funds were not affected and that the breach only occurred to their third party, Hubspot.
In addition, the company recommends four ways to help users protect their online presence from bad actors – good password protection, two-factor authentication (2FA), enabling the Allowlisting app on BlockFi, and being wary of scammers.
BlockFi also confirmed that it is urgently and speeding up investigations to determine the extent of the breach: "Detailed information will be emailed to affected customers in the coming days."
Investors should be wary of all notifications from the company, especially those that urgently require changes to personal information including passwords and wallet addresses.
On Friday, the newly launched "Rare Bear" NFT project was also attacked, causing nearly $80,000 in damage to the NFT. The attack was carried out by a hacker who posted a fake link on the project's Discord channel and stole 179 NFT.
