Swan Bitcoin Hubspot Data Breach: Difference between revisions
(Adding Bitcoin Magazine article.) |
(Another 30 minutes complete.) |
||
| Line 1: | Line 1: | ||
{{ | {{Case Study Under Construction}}[[File:Swanbitcoin.jpg|thumb|Swan Bitcoin]]Swan Bitcoin is a platform which assists users in saving money in bitcoin by allowing easy routine purchases. The company used HubSpot to assist with managing their customer relationships. HubSpot suffered a data breach and names, email addresses, and phone numbers of customers were leaked. An announcement was made and the employee at the company who enabled the breach has been fired. Customers must be aware for future phishing scams which may target them. | ||
== About Swan Bitcoin == | == About Swan Bitcoin == | ||
<ref name="swanbitcoin-8174" /> | Swan Bitcoin is a platform that helps users to save and accumulate Bitcoin through automatic recurring purchases and one-time buys<ref name=":0">[https://cointelegraph.com/news/what-is-swan-bitcoin-and-how-does-it-work What is Swan Bitcoin and how does it work? - CoinTelegraph] (Jun 27, 2023)</ref>, and navigate the world of cryptocurrencies<ref name="swanbitcoin-8174" />. Unlike traditional cryptocurrency exchanges, Swan Bitcoin focuses exclusively on Bitcoin, offering expert advice and guidance to investors<ref name=":0">[https://cointelegraph.com/news/what-is-swan-bitcoin-and-how-does-it-work What is Swan Bitcoin and how does it work? - CoinTelegraph] (Jun 27, 2023)</ref>. They provide educational resources and curated collections of Bitcoin-related content<ref name="swanbitcoin-8174" /> as well as an open-source product suite for Bitcoin custody and usage<ref name=":0" />. Users can connect their bank accounts to the platform and automate the withdrawal of funds for Bitcoin purchases<ref name=":0">[https://cointelegraph.com/news/what-is-swan-bitcoin-and-how-does-it-work What is Swan Bitcoin and how does it work? - CoinTelegraph] (Jun 27, 2023)</ref>. They offer automated Bitcoin savings plans and instant purchases, catering to clients of any size<ref name="swanbitcoin-8174" />. The platform utilizes the dollar-cost averaging strategy, where users can set up recurring purchases at regular intervals to spread out their investments and reduce the average cost per coin<ref name=":0">[https://cointelegraph.com/news/what-is-swan-bitcoin-and-how-does-it-work What is Swan Bitcoin and how does it work? - CoinTelegraph] (Jun 27, 2023)</ref>. Swan Private caters to corporations and high net worth individuals interested in building generational wealth with Bitcoin<ref name="swanbitcoin-8174" />. For those planning to invest over $100,000 in Bitcoin, Swan Private provides personalized assistance<ref name=":0">[https://cointelegraph.com/news/what-is-swan-bitcoin-and-how-does-it-work What is Swan Bitcoin and how does it work? - CoinTelegraph] (Jun 27, 2023)</ref><ref name="swanbitcoin-8174" />. With Swan Private, clients can receive personalized assistance and advice on Bitcoin custody, large BTC purchases, and integrating Bitcoin into company balance sheets<ref name=":0">[https://cointelegraph.com/news/what-is-swan-bitcoin-and-how-does-it-work What is Swan Bitcoin and how does it work? - CoinTelegraph] (Jun 27, 2023)</ref>. | ||
"Our mission is to walk alongside you on your journey into Bitcoin, the future of money." | The Swan Bitcoin application allows users to save money by converting dollars into Bitcoin regularly, with options for daily, weekly, or monthly purchases<ref name="swanbitcoin-8174" />. Swan Bitcoin prioritizes security, storing Bitcoin with a trusted custodian and ensuring that users have legal ownership of their funds<ref name=":0">[https://cointelegraph.com/news/what-is-swan-bitcoin-and-how-does-it-work What is Swan Bitcoin and how does it work? - CoinTelegraph] (Jun 27, 2023)</ref>. The platform emphasizes the importance of Bitcoin as a long-term store of value and protection against inflation<ref name="swanbitcoin-8174" />. Swan Bitcoin offers various features, including recurring buy plans, instant buys, entity buys, bank wires, low fees, and free withdrawals<ref name="swanbitcoin-8174" />. The platform has gained recognition and was listed among the 21 most influential Bitcoin projects and companies in 2020<ref name="swanbitcoin-8174" />.They have reportedly implemented robust encryption and authentication measures for account security<ref name=":0">[https://cointelegraph.com/news/what-is-swan-bitcoin-and-how-does-it-work What is Swan Bitcoin and how does it work? - CoinTelegraph] (Jun 27, 2023)</ref>.<blockquote>"Our mission is to walk alongside you on your journey into Bitcoin, the future of money." | ||
"Swan is the best way to build your Bitcoin stack, with automated Bitcoin savings plans and instant purchases. Serving clients of any size, from $10 to $10M+." | "Swan is the best way to build your Bitcoin stack, with automated Bitcoin savings plans and instant purchases. Serving clients of any size, from $10 to $10M+."</blockquote> | ||
== About HubSpot == | == About HubSpot == | ||
<ref name=" | HubSpot is a CRM platform offering a suite of software, integrations, and resources to connect marketing, sales, content management, and customer service<ref name=":1">[https://www.hubspot.com/ HubSpot Homepage] (Jun 27, 2023)</ref>. The platform consists of products that can be used individually or together to achieve optimal results<ref name=":1">[https://www.hubspot.com/ HubSpot Homepage] (Jun 27, 2023)</ref>. The Marketing Hub helps with traffic growth, lead generation, marketing automation, and analytics<ref name=":1">[https://www.hubspot.com/ HubSpot Homepage] (Jun 27, 2023)</ref>. The Sales Hub provides insights into prospects, automates tasks, and facilitates deal closures<ref name=":1">[https://www.hubspot.com/ HubSpot Homepage] (Jun 27, 2023)</ref>. The Service Hub focuses on customer service, connecting with customers, and turning them into promoters<ref name=":1">[https://www.hubspot.com/ HubSpot Homepage] (Jun 27, 2023)</ref>. The CMS Hub offers flexible content management for marketers and powerful features for developers<ref name=":1">[https://www.hubspot.com/ HubSpot Homepage] (Jun 27, 2023)</ref>. The Operations Hub synchronizes applications, cleans and curates customer data, and automates processes<ref name=":1">[https://www.hubspot.com/ HubSpot Homepage] (Jun 27, 2023)</ref>. | ||
HubSpot emphasizes the importance of security, privacy, and control in its products<ref name="hubspotlegal-8616">[https://legal.hubspot.com/security HubSpot Security Program - Hubspot Website] (Jul 20, 2022)</ref>. It offers a comprehensive approach to data security, privacy, and control, providing tools that empower teams to achieve compliance and a secure infrastructure to protect data<ref name="hubspotlegal-8616">[https://legal.hubspot.com/security HubSpot Security Program - Hubspot Website] (Jul 20, 2022)</ref>. HubSpot is trusted by over 121,000 customers in more than 120 countries, including notable organizations such as KPMG, WWF, GoFundMe, Cybereason, LegalZoom, and CancerIQ<ref name="hubspotlegal-8616">[https://legal.hubspot.com/security HubSpot Security Program - Hubspot Website] (Jul 20, 2022)</ref>. The company takes a proactive approach to privacy and security, ensuring that its products meet established standards<ref name="hubspotlegal-8616">[https://legal.hubspot.com/security HubSpot Security Program - Hubspot Website] (Jul 20, 2022)</ref>. HubSpot follows a defense-in-depth approach, implementing multiple layers of security throughout the organization<ref name="hubspotlegal-8616">[https://legal.hubspot.com/security HubSpot Security Program - Hubspot Website] (Jul 20, 2022)</ref>. It complies with industry best practices, such as the OWASP Top 10 and the CIS Critical Security Controls, to continuously improve its security program. HubSpot prioritizes data privacy, ensuring that customer data is protected and used only as permitted in its Customer Terms of Service and Privacy Policy<ref name="hubspotlegal-8616">[https://legal.hubspot.com/security HubSpot Security Program - Hubspot Website] (Jul 20, 2022)</ref>. It offers features like GDPR compliance tools, customizable consent tracking, and subscription settings to help customers comply with data privacy regulations<ref name="hubspotlegal-8616">[https://legal.hubspot.com/security HubSpot Security Program - Hubspot Website] (Jul 20, 2022)</ref>. HubSpot's CRM platform is built on secure software development processes and includes features like SSL certificates, single sign-on, two-factor authentication, and password protection for enhanced security<ref name="hubspotlegal-8616">[https://legal.hubspot.com/security HubSpot Security Program - Hubspot Website] (Jul 20, 2022)</ref>. Customers can access resources like GDPR compliance information, privacy policy details, legal documentation, and security reports through HubSpot's Trust Center<ref name="hubspotlegal-8616">[https://legal.hubspot.com/security HubSpot Security Program - Hubspot Website] (Jul 20, 2022)</ref>. The company also addresses frequently asked questions about its infrastructure, regional data hosting, certifications, encryption, and other security measures<ref name="hubspotlegal-8616">[https://legal.hubspot.com/security HubSpot Security Program - Hubspot Website] (Jul 20, 2022)</ref>. Overall, HubSpot provides software that is secure, reliable, and designed to scale with businesses<ref name="hubspotlegal-8616">[https://legal.hubspot.com/security HubSpot Security Program - Hubspot Website] (Jul 20, 2022)</ref>. | |||
" | HubSpot's CMO predicts that AI will revolutionize business in the future<ref name=":1" />. HubSpot supports its users with free courses, certifications, resources, and a dedicated customer support team<ref name=":1" />. It also has a thriving user community, user groups, blogs, and an app marketplace with numerous integrations<ref name=":1" />. | ||
== The Reality == | |||
Some employees of HubSpot have access to HubSpot accounts. This access is intended to be used to assist customers<ref name="threatpost-8170" />. Users should be aware that it often includes the past behavioural history of individual users. Such information is highly valuable in creating an effective social engineering attack<ref name="threatpost-8170" />.<blockquote>“While it is true that financial data is not stored in the CRM, you should be aware that data associated with the users of these companies and their behaviors is logged in the CRM. This puts users in a unique position to be targeted in social engineering attacks.” | |||
- HubSpot super admin Robert Warren</blockquote>This sections is included if a case involved deception or information that was unknown at the time. Examples include: | |||
" | * When the service was actually started (if different than the "official story"). | ||
* Who actually ran a service and their own personal history. | |||
* How the service was structured behind the scenes. (For example, there was no "trading bot".) | |||
* Details of what audits reported and how vulnerabilities were missed during auditing. | |||
" | "@SwanBitcoin had data they provided to @HubSpot for marketing hacked. It includes name, email addresses, account type, phone, and in some cases company name." "Hubspot, a third-party marketing vendor, confirmed a bad actor within their company gained access to Swan client marketing data." | ||
" | "But as of Tuesday, the situation looked a bit more grim, as Swan followed up with more details uncovered in its forensic investigation. It turns out that 0.2 percent of the dataset included “a limited historical snapshot of USD deposits,” the company said – an inclusion that’s “against company policy.” The company said that it’s conducted a post-mortem to ensure that the slippage won’t happen again." | ||
== What Happened == | == What Happened == | ||
| Line 123: | Line 98: | ||
|<ref name="hubspot-8171" /> TBD what was the update? | |<ref name="hubspot-8171" /> TBD what was the update? | ||
|} | |} | ||
== Technical Details == | |||
"@SwanBitcoin had data they provided to @HubSpot for marketing hacked. It includes name, email addresses, account type, phone, and in some cases company name." "Hubspot, a third-party marketing vendor, confirmed a bad actor within their company gained access to Swan client marketing data." | |||
“While it is true that financial data is not stored in the CRM, you should be aware that data associated with the users of these companies and their behaviors is logged in the CRM,” Warren wrote. “This puts users in a unique position to be targeted in social engineering attacks.” | |||
"But as of Tuesday, the situation looked a bit more grim, as Swan followed up with more details uncovered in its forensic investigation. It turns out that 0.2 percent of the dataset included “a limited historical snapshot of USD deposits,” the company said – an inclusion that’s “against company policy.” The company said that it’s conducted a post-mortem to ensure that the slippage won’t happen again." | |||
== Total Amount Lost == | == Total Amount Lost == | ||
| Line 131: | Line 113: | ||
== Immediate Reactions == | == Immediate Reactions == | ||
How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed? | How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed? | ||
"BE AWARE of oncoming potential phishing attacks. I have not seen any public statement by @coryklippsten." | |||
"HubSpot officials told CMS Wire that “Some employees have access to HubSpot accounts,” which allows certain employees – such as account managers and support specialists – to help out customers. “In this case, a bad actor was able to compromise an employee account and make use of this access to export contact data from a small number of HubSpot accounts,” HubSpot reportedly said." | |||
"A full list of the affected clients has not been published, but the company said it appeared to be a “targeted incident focused on customers in the cryptocurrency industry”." | |||
"A rogue employee working at HubSpot – used by more than 135,000 (and growing) customers to manage marketing campaigns and on-board new users – has been fired over a breach that zeroed in on the company’s cryptocurrency customers, the company confirmed on Friday." | |||
“We have terminated access for the compromised HubSpot employee account and removed the ability for other employees to take certain actions in customer accounts.” —HubSpot | |||
== Ultimate Outcome == | == Ultimate Outcome == | ||
| Line 171: | Line 163: | ||
<ref name="threatpost-8170">[https://threatpost.com/hubspot-data-breach-crytocurrency-industry/179086/ HubSpot Data Breach Ripples Through Crytocurrency Industry - Threatpost] (Jun 20, 2022)</ref> | <ref name="threatpost-8170">[https://threatpost.com/hubspot-data-breach-crytocurrency-industry/179086/ HubSpot Data Breach Ripples Through Crytocurrency Industry - Threatpost] (Jun 20, 2022)</ref> | ||
<ref name="swanbitcointwitter-8173">[https://twitter.com/SwanBitcoin/status/1506355008127877123 SwanBitcoin - "After an additional forensic investigation of the Hubspot data leak, we found more information to report." - Twitter] (Jun 26, 2022)</ref> | <ref name="swanbitcointwitter-8173">[https://twitter.com/SwanBitcoin/status/1506355008127877123 SwanBitcoin - "After an additional forensic investigation of the Hubspot data leak, we found more information to report." - Twitter] (Jun 26, 2022)</ref> | ||
<ref name="swanbitcoin-8174">https://www.swanbitcoin.com/ (Jun 26, 2022)</ref> | <ref name="swanbitcoin-8174">[https://www.swanbitcoin.com/ Swan Bitcoin Homepage] (Jun 26, 2022)</ref> | ||
<ref name="swanbitcointwitter-8175">[https://twitter.com/SwanBitcoin/status/1505261139571191813 <nowiki>SwanBitcoin - "a bad actor within [Hubspot] gained access to Swan client marketing data. Read Cory’s email to clients in the attached screenshots for details." - Twitter</nowiki>] (Jun 26, 2022)</ref> | <ref name="swanbitcointwitter-8175">[https://twitter.com/SwanBitcoin/status/1505261139571191813 <nowiki>SwanBitcoin - "a bad actor within [Hubspot] gained access to Swan client marketing data. Read Cory’s email to clients in the attached screenshots for details." - Twitter</nowiki>] (Jun 26, 2022)</ref> | ||
<ref name="hubspot-8171">[https://www.hubspot.com/en-us/march-2022-security-incident Information About HubSpot's March 18, 2022 Security Incident - Hubspot Website] (Jun 26, 2022)</ref> | <ref name="hubspot-8171">[https://www.hubspot.com/en-us/march-2022-security-incident Information About HubSpot's March 18, 2022 Security Incident - Hubspot Website] (Jun 26, 2022)</ref> | ||
<ref name="siliconrepublic-8176">[https://www.siliconrepublic.com/enterprise/hubspot-data-breach-crypto-web3-bitcoin HubSpot hack leads to multiple Web3 and crypto company data breaches - Silicon Republic] (Jun 26, 2022)</ref> | <ref name="siliconrepublic-8176">[https://www.siliconrepublic.com/enterprise/hubspot-data-breach-crypto-web3-bitcoin HubSpot hack leads to multiple Web3 and crypto company data breaches - Silicon Republic] (Jun 26, 2022)</ref> | ||
</references> | </references> | ||
Revision as of 10:40, 28 June 2023
Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment. Please feel free to contribute by adding any missing information or sources you come across. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
Swan Bitcoin is a platform which assists users in saving money in bitcoin by allowing easy routine purchases. The company used HubSpot to assist with managing their customer relationships. HubSpot suffered a data breach and names, email addresses, and phone numbers of customers were leaked. An announcement was made and the employee at the company who enabled the breach has been fired. Customers must be aware for future phishing scams which may target them.
About Swan Bitcoin
Swan Bitcoin is a platform that helps users to save and accumulate Bitcoin through automatic recurring purchases and one-time buys[1], and navigate the world of cryptocurrencies[2]. Unlike traditional cryptocurrency exchanges, Swan Bitcoin focuses exclusively on Bitcoin, offering expert advice and guidance to investors[1]. They provide educational resources and curated collections of Bitcoin-related content[2] as well as an open-source product suite for Bitcoin custody and usage[1]. Users can connect their bank accounts to the platform and automate the withdrawal of funds for Bitcoin purchases[1]. They offer automated Bitcoin savings plans and instant purchases, catering to clients of any size[2]. The platform utilizes the dollar-cost averaging strategy, where users can set up recurring purchases at regular intervals to spread out their investments and reduce the average cost per coin[1]. Swan Private caters to corporations and high net worth individuals interested in building generational wealth with Bitcoin[2]. For those planning to invest over $100,000 in Bitcoin, Swan Private provides personalized assistance[1][2]. With Swan Private, clients can receive personalized assistance and advice on Bitcoin custody, large BTC purchases, and integrating Bitcoin into company balance sheets[1].
The Swan Bitcoin application allows users to save money by converting dollars into Bitcoin regularly, with options for daily, weekly, or monthly purchases[2]. Swan Bitcoin prioritizes security, storing Bitcoin with a trusted custodian and ensuring that users have legal ownership of their funds[1]. The platform emphasizes the importance of Bitcoin as a long-term store of value and protection against inflation[2]. Swan Bitcoin offers various features, including recurring buy plans, instant buys, entity buys, bank wires, low fees, and free withdrawals[2]. The platform has gained recognition and was listed among the 21 most influential Bitcoin projects and companies in 2020[2].They have reportedly implemented robust encryption and authentication measures for account security[1].
"Our mission is to walk alongside you on your journey into Bitcoin, the future of money." "Swan is the best way to build your Bitcoin stack, with automated Bitcoin savings plans and instant purchases. Serving clients of any size, from $10 to $10M+."
About HubSpot
HubSpot is a CRM platform offering a suite of software, integrations, and resources to connect marketing, sales, content management, and customer service[3]. The platform consists of products that can be used individually or together to achieve optimal results[3]. The Marketing Hub helps with traffic growth, lead generation, marketing automation, and analytics[3]. The Sales Hub provides insights into prospects, automates tasks, and facilitates deal closures[3]. The Service Hub focuses on customer service, connecting with customers, and turning them into promoters[3]. The CMS Hub offers flexible content management for marketers and powerful features for developers[3]. The Operations Hub synchronizes applications, cleans and curates customer data, and automates processes[3].
HubSpot emphasizes the importance of security, privacy, and control in its products[4]. It offers a comprehensive approach to data security, privacy, and control, providing tools that empower teams to achieve compliance and a secure infrastructure to protect data[4]. HubSpot is trusted by over 121,000 customers in more than 120 countries, including notable organizations such as KPMG, WWF, GoFundMe, Cybereason, LegalZoom, and CancerIQ[4]. The company takes a proactive approach to privacy and security, ensuring that its products meet established standards[4]. HubSpot follows a defense-in-depth approach, implementing multiple layers of security throughout the organization[4]. It complies with industry best practices, such as the OWASP Top 10 and the CIS Critical Security Controls, to continuously improve its security program. HubSpot prioritizes data privacy, ensuring that customer data is protected and used only as permitted in its Customer Terms of Service and Privacy Policy[4]. It offers features like GDPR compliance tools, customizable consent tracking, and subscription settings to help customers comply with data privacy regulations[4]. HubSpot's CRM platform is built on secure software development processes and includes features like SSL certificates, single sign-on, two-factor authentication, and password protection for enhanced security[4]. Customers can access resources like GDPR compliance information, privacy policy details, legal documentation, and security reports through HubSpot's Trust Center[4]. The company also addresses frequently asked questions about its infrastructure, regional data hosting, certifications, encryption, and other security measures[4]. Overall, HubSpot provides software that is secure, reliable, and designed to scale with businesses[4].
HubSpot's CMO predicts that AI will revolutionize business in the future[3]. HubSpot supports its users with free courses, certifications, resources, and a dedicated customer support team[3]. It also has a thriving user community, user groups, blogs, and an app marketplace with numerous integrations[3].
The Reality
Some employees of HubSpot have access to HubSpot accounts. This access is intended to be used to assist customers[5]. Users should be aware that it often includes the past behavioural history of individual users. Such information is highly valuable in creating an effective social engineering attack[5].
“While it is true that financial data is not stored in the CRM, you should be aware that data associated with the users of these companies and their behaviors is logged in the CRM. This puts users in a unique position to be targeted in social engineering attacks.” - HubSpot super admin Robert Warren
This sections is included if a case involved deception or information that was unknown at the time. Examples include:
- When the service was actually started (if different than the "official story").
- Who actually ran a service and their own personal history.
- How the service was structured behind the scenes. (For example, there was no "trading bot".)
- Details of what audits reported and how vulnerabilities were missed during auditing.
"@SwanBitcoin had data they provided to @HubSpot for marketing hacked. It includes name, email addresses, account type, phone, and in some cases company name." "Hubspot, a third-party marketing vendor, confirmed a bad actor within their company gained access to Swan client marketing data."
"But as of Tuesday, the situation looked a bit more grim, as Swan followed up with more details uncovered in its forensic investigation. It turns out that 0.2 percent of the dataset included “a limited historical snapshot of USD deposits,” the company said – an inclusion that’s “against company policy.” The company said that it’s conducted a post-mortem to ensure that the slippage won’t happen again."
What Happened
The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.
| Date | Event | Description |
|---|---|---|
| March 15th, 2022 | Social Engineering Attack | On March 15th, at an unspecified time, a HubSpot employee fell victim to a social engineering attack which persuaded the employee to provide the necessary credentials and multi-factor authentication[6]. |
| March 17th, 2022 | Client Data Exported | It is reported by Hubspot that contact data and user data was exported on March 17th and March 18th through an internal support tool called "just-in-time access" (or JITA)[6]. |
| March 18th, 2023 7:00:00 AM MDT | Hubspot Realized Breach | HubSpot reports they first "became aware of this unauthorized activity. [They] took prompt action to shut down the bad actor’s access and investigate its impact."[6] |
| March 19th, 2022 4:59:00 AM MDT | stackthosestats Tweet | Twitter user stackthosestats reports that Swan Bitcoin was also affected and users should be aware if they use that platform[7]. |
| March 19th, 2022 | Hubspot Issues Press Release FAQ | According to HubSpot's website, they published the statement and FAQ on March 19th. (No time is provided and the page was not captured by archive until the following day.) The state that "[o]n March 18, a bad actor compromised a HubSpot employee account and used it to access data within fewer than 30 HubSpot accounts."[8][9] Hubspot also set up a public FAQ page on their website to provide more information. They report the breach exporting contact data from fewer than 30 HubSpot portals, all of which have been notified. HubSpot believes the incident to be targeted at customers in the cryptocurrency industry and has taken measures to terminate access for the compromised employee account and prevent other employees from taking certain actions in customer accounts. Customers who have been impacted by the breach should contact their respective companies for information about what data was shared and any necessary steps they need to take[10][11]. |
| March 19th, 2022 1:13:00 PM MDT | Swan Bitcoin Posts To Twitter | Swan Bitcoin posts an email announcement to Twitter with a screenshot of the email to clients[12]. TBD expand with more details. |
| March 20th, 2022 8:03:24 PM MDT | Hubspot Creates Public FAQ Page | Hubspot sets up a public FAQ page on their website to provide more information about a recent breach that occurred on March 18. They report the breach involved a bad actor compromising a HubSpot employee account and exporting contact data from fewer than 30 HubSpot portals, all of which have been notified. HubSpot believes the incident to be targeted at customers in the cryptocurrency industry and has taken measures to terminate access for the compromised employee account and prevent other employees from taking certain actions in customer accounts. Customers who have been impacted by the breach should contact their respective companies for information about what data was shared and any necessary steps they need to take[13][14]. |
| March 21st, 2022 8:17:00 AM MDT | CoinDesk Article Published | CoinDesk publishes an article on the incident[15]. They report that a data breach at third-party marketing vendor HubSpot has impacted BlockFi, Swan Bitcoin, NYDIG, and Circle, among others, who maintain their customers' funds are still safe and secure. While user information was leaked to hackers, the affected companies said passwords and other internal information were not affected. HubSpot has not disclosed the full extent of the breach, and an investigation is ongoing. This is copied to Yahoo Finance[16]. |
| March 21st, 2022 10:53:00 AM MDT | Cory Klippsten Criticism | Swan Bitcoin CEO Cory Klippsten criticizes the industry since close to 30 companies appear to have been breached and fewer than 10 have disclosed it publicly. He announces that his company is severing relations[17]. |
| March 21st, 2022 11:57:00 AM MDT | Blockworks Article Published | Blockworks publishes an article on the situation. They reported multiple crypto companies were affected including NYDIG, Pantera Capital, BlockFi, Circle and Swan Bitcoin. They report that Pantera Capital was breached a month earlier, and reference a Tweet from a breach a year and a month ago. The data breach saw user information leaked to hackers, but not passwords or sensitive personal information. It is believed to have been a “targeted incident focused on customers in the cryptocurrency industry”. Affected companies maintain customer funds are still safe and secure, and are monitoring the situation closely. The full extent of the HubSpot hack is still unknown and the investigation is reportedly still ongoing[18]. |
| March 21st, 2022 5:05:26 PM MDT | Bitcoin Magazine Article | Bitcoin Magazine publishes an article on the Hubspot data breach[19]. They report the unauthorized user with "super admin" access exported contact lists and data, including IP addresses, email histories, customer browsing behavior, financial value, and help tickets. While financial data was not compromised, the loss of user persona and behavioral data is severe, and users should expect spear phishing and spam attacks. Users are advised to be cautious of unsolicited communications and to use privacy best practices when browsing, buying, and communicating online[20]. |
| March 22nd, 2022 3:10:55 AM MDT | Silicon Republic Article | Silicon Republic reports that cryptocurrency companies, including Swan Bitcoin, BlockFi, NYDIG, Pantera Capital, and Circle, were among the 30 affected by a data breach at marketing and sales platform HubSpot. The company confirmed that a “bad actor” compromised an employee account and exported contact data from a small number of customer accounts. While it is unclear what the attacker planned to do with the information, phishing emails have been reported attempting to trick users into submitting their passwords into a fake company website[21][22]. |
| March 22nd, 2022 1:39:00 PM MDT | More Information To Report | Swan Bitcoin updates on Twitter to report they've found more information to report[23]. TBD expand with information description. |
| March 24th, 2022 11:11:00 AM MDT | ThreatPost Article Published | ThreatPost publishes an article on the situation. They report that HubSpot, a marketing platform used by over 135,000 customers, suffered a data breach due to a rogue employee who targeted the company's cryptocurrency customers. At least 30 crypto firms were affected, including BlockFi, Swan Bitcoin, Circle, and NYDIG. The stolen data included contact data, names, emails, account types, phone numbers, and in some cases, company names. While there was no loss of sensitive financial or personal data, such as Social Security numbers or tax IDs, there was the inclusion of a "limited historical snapshot of USD deposits" and about 1.2% of the dataset included clients' intended investment areas or the median net worth of their approximate geographic locales[24]. |
| July 11th, 2022 7:00:00 AM MDT | Hubspot Updates Information Page | [13] TBD what was the update? |
Technical Details
"@SwanBitcoin had data they provided to @HubSpot for marketing hacked. It includes name, email addresses, account type, phone, and in some cases company name." "Hubspot, a third-party marketing vendor, confirmed a bad actor within their company gained access to Swan client marketing data."
“While it is true that financial data is not stored in the CRM, you should be aware that data associated with the users of these companies and their behaviors is logged in the CRM,” Warren wrote. “This puts users in a unique position to be targeted in social engineering attacks.”
"But as of Tuesday, the situation looked a bit more grim, as Swan followed up with more details uncovered in its forensic investigation. It turns out that 0.2 percent of the dataset included “a limited historical snapshot of USD deposits,” the company said – an inclusion that’s “against company policy.” The company said that it’s conducted a post-mortem to ensure that the slippage won’t happen again."
Total Amount Lost
No funds were lost.
How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?
Immediate Reactions
How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?
"BE AWARE of oncoming potential phishing attacks. I have not seen any public statement by @coryklippsten."
"HubSpot officials told CMS Wire that “Some employees have access to HubSpot accounts,” which allows certain employees – such as account managers and support specialists – to help out customers. “In this case, a bad actor was able to compromise an employee account and make use of this access to export contact data from a small number of HubSpot accounts,” HubSpot reportedly said."
"A full list of the affected clients has not been published, but the company said it appeared to be a “targeted incident focused on customers in the cryptocurrency industry”."
"A rogue employee working at HubSpot – used by more than 135,000 (and growing) customers to manage marketing campaigns and on-board new users – has been fired over a breach that zeroed in on the company’s cryptocurrency customers, the company confirmed on Friday."
“We have terminated access for the compromised HubSpot employee account and removed the ability for other employees to take certain actions in customer accounts.” —HubSpot
Ultimate Outcome
What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?
Swan Bitcoin stopped using Hubspot[17].
Total Amount Recovered
There do not appear to have been any funds recovered in this case.
What funds were recovered? What funds were reimbursed for those affected users?
Ongoing Developments
What parts of this case are still remaining to be concluded?
Hubspot reported upgrading security on their FAQ[6]:
Since the incident, we have taken steps to enhance our security and to prevent a similar attack from occurring in the future. While our investigation has concluded and remediation completed, we remain committed to improving our security through regular assessments and testing.
General Prevention Policies
Privacy-conscious customers can set up separate email addresses for each service easily, and avoid providing their phone number when possible. Any received emails must be viewed with scrutiny. Interact with companies only through their official websites and confirm anything with the company directly if it promises a significant reward or threatens access to your funds.
Platforms should put in place multi-signature access control on all customer data, which requires the approval of multiple people to enable the download of data.
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- ↑ 1.0 1.1 1.2 1.3 1.4 1.5 1.6 1.7 1.8 What is Swan Bitcoin and how does it work? - CoinTelegraph (Jun 27, 2023)
- ↑ 2.0 2.1 2.2 2.3 2.4 2.5 2.6 2.7 2.8 Swan Bitcoin Homepage (Jun 26, 2022)
- ↑ 3.0 3.1 3.2 3.3 3.4 3.5 3.6 3.7 3.8 3.9 HubSpot Homepage (Jun 27, 2023)
- ↑ 4.00 4.01 4.02 4.03 4.04 4.05 4.06 4.07 4.08 4.09 4.10 HubSpot Security Program - Hubspot Website (Jul 20, 2022)
- ↑ 5.0 5.1 HubSpot Data Breach Ripples Through Crytocurrency Industry - Threatpost (Jun 20, 2022)
- ↑ 6.0 6.1 6.2 6.3 Information About HubSpot's March 18, 2022 Security Incident - Hubspot Website (Jun 26, 2022)
- ↑ stackthosesats - "Also seeing that @SwanBitcoin has been affected. Please be aware if you use that platform as well." - Twitter (Jun 20, 2022)
- ↑ HubSpot's Statement Regarding March 18, 2022 Security Incident - Hubspot Website (Jul 20, 2022)
- ↑ HubSpot's Statement Regarding March 18, 2022 Security Incident - Hubspot Website Archive March 20th, 2022 6:18:05 PM MDT (Apr 24, 2023)
- ↑ Information About HubSpot's March 18, 2022 Security Incident - Hubspot Website (Jun 26, 2022)
- ↑ Information About HubSpot's March 18, 2022 Security Incident - Hubspot Website Archive March 20th, 2022 8:03:24 PM MDT (Apr 24, 2023)
- ↑ SwanBitcoin - "a bad actor within [Hubspot] gained access to Swan client marketing data. Read Cory’s email to clients in the attached screenshots for details." - Twitter (Jun 26, 2022)
- ↑ 13.0 13.1 Information About HubSpot's March 18, 2022 Security Incident - Hubspot Website (Jun 26, 2022)
- ↑ Information About HubSpot's March 18, 2022 Security Incident - Hubspot Website Archive March 20th, 2022 8:03:24 PM MDT (Apr 24, 2023)
- ↑ HubSpot Hack Leads to Data Breaches at BlockFi, Swan Bitcoin, NYDIG and Circle - CoinDesk (Apr 24, 2023)
- ↑ HubSpot Hack Leads to Data Breaches at BlockFi, Swan Bitcoin, NYDIG and Circle - Yahoo Finance (Jul 20, 2022)
- ↑ 17.0 17.1 Cory Klippsten - "Hubspot says it's around 30 crypto companies in the hack. Fewer than 10 have divulged so far." - Twitter (Jul 20, 2022)
- ↑ NYDIG, BlockFi, Pantera, Circle All ‘Targeted’ in HubSpot Data Breach - Blockworks (Jul 20, 2022)
- ↑ How HubSpot Data Breach Hits Bitcoiners - Bitcoin Magazine Archive March 21st, 2022 5:05:26 PM MDT (Apr 25, 2023)
- ↑ How HubSpot Data Breach Hits Bitcoiners - Bitcoin Magazine - Bitcoin News, Articles and Expert Insights (Jul 19, 2022)
- ↑ HubSpot hack leads to multiple Web3 and crypto company data breaches - Silicon Republic (Jun 26, 2022)
- ↑ HubSpot hack leads to multiple Web3 and crypto company data breaches - Silicon Republic Archive March 22nd, 2022 4:07:55 AM MDT (Apr 24, 2023)
- ↑ SwanBitcoin - "After an additional forensic investigation of the Hubspot data leak, we found more information to report." - Twitter (Jun 26, 2022)
- ↑ HubSpot Data Breach Ripples Through Crytocurrency Industry - Threatpost (Jun 20, 2022)
Cite error: <ref> tag with name "siliconrepublic-8176" defined in <references> is not used in prior text.