QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$0 USD
MARCH 2022
GLOBAL
SWAN BITCOIN
DESCRIPTION OF EVENTS
"Our mission is to walk alongside you on your journey into Bitcoin, the future of money."
"Swan is the best way to build your Bitcoin stack, with automated Bitcoin savings plans and instant purchases. Serving clients of any size, from $10 to $10M+."
"@SwanBitcoin had data they provided to @HubSpot for marketing hacked. It includes name, email addresses, account type, phone, and in some cases company name." "Hubspot, a third-party marketing vendor, confirmed a bad actor within their company gained access to Swan client marketing data."
“While it is true that financial data is not stored in the CRM, you should be aware that data associated with the users of these companies and their behaviors is logged in the CRM,” Warren wrote. “This puts users in a unique position to be targeted in social engineering attacks.”
"But as of Tuesday, the situation looked a bit more grim, as Swan followed up with more details uncovered in its forensic investigation. It turns out that 0.2 percent of the dataset included “a limited historical snapshot of USD deposits,” the company said – an inclusion that’s “against company policy.” The company said that it’s conducted a post-mortem to ensure that the slippage won’t happen again."
"BE AWARE of oncoming potential phishing attacks. I have not seen any public statement by @coryklippsten."
"HubSpot officials told CMS Wire that “Some employees have access to HubSpot accounts,” which allows certain employees – such as account managers and support specialists – to help out customers. “In this case, a bad actor was able to compromise an employee account and make use of this access to export contact data from a small number of HubSpot accounts,” HubSpot reportedly said."
"A full list of the affected clients has not been published, but the company said it appeared to be a “targeted incident focused on customers in the cryptocurrency industry”."
"A rogue employee working at HubSpot – used by more than 135,000 (and growing) customers to manage marketing campaigns and on-board new users – has been fired over a breach that zeroed in on the company’s cryptocurrency customers, the company confirmed on Friday."
“We have terminated access for the compromised HubSpot employee account and removed the ability for other employees to take certain actions in customer accounts.” —HubSpot
Swan Bitcoin is a platform which assists users in saving money in bitcoin by allowing easy routine purchases. The company used HubSpot to assist with managing their customer relationships. HubSpot suffered a data breach and names, email addresses, and phone numbers of customers were leaked. An announcement was made and the employee at the company who enabled the breach has been fired. Customers must be aware for future phishing scams which may target them.
HOW COULD THIS HAVE BEEN PREVENTED?
Privacy-conscious customers can set up separate email addresses for each service easily, and avoid providing their phone number when possible. Any received emails must be viewed with scrutiny. Interact with companies only through their official websites and confirm anything with the company directly if it promises a significant reward or threatens access to your funds.
Platforms should put in place multi-signature access control on all customer data, which requires the approval of multiple people to enable the download of data.
@stackthosesats Twitter (Jun 20)
HubSpot Data Breach Ripples Through Crytocurrency Industry (Jun 20)
@SwanBitcoin Twitter (Jun 26)
https://www.swanbitcoin.com/ (Jun 26)
@SwanBitcoin Twitter (Jun 26)
Information About HubSpot's March 18, 2022 Security Incident (Jun 26)
HubSpot hack leads to multiple Web3 and crypto company data breaches (Jun 26)
