Business information

HubSpot hit by hackers looking for cryptocurrency

Boston-area software company HubSpot said hackers stole data from “less than 30” of its corporate clients that deal in cryptocurrency.

HubSpot’s software helps businesses with online sales and marketing, and hackers have stolen contact details from individual customers. The information in some cases included names, email and postal addresses and telephone numbers.

HubSpot said in a statement it learned on Friday that “a bad actor compromised a HubSpot employee’s account.” The company added, “At this time, we believe this is a targeted incident focused on customers in the cryptocurrency industry.”

The company did not reveal when the data was originally stolen. Hackers were able to access HubSpot customer information by compromising an employee account, he said, because certain employees, such as account managers and support specialists, had access to the data.

HubSpot said it terminated the compromised account and “removed the ability for other employees to perform certain actions in client accounts.”

The stolen information could be used as part of an attack to steal cryptocurrency from customers by helping scammers impersonate businesses. Sending fake emails in an attempt to steal a customer’s account ID and password is known as a phishing attack.

Among the companies affected were Boston Circle Internet Financial’s crypto firm, New Jersey-based BlockFi, and Pantera Capital in California.

“Circle’s internal systems, customer funds and financial transaction data were not affected by the security incident at HubSpot,” Circle said in a statement. “Sensitive personal information, such as social security numbers or government-issued IDs, was not accessed as this information is not stored on HubSpot. We have communicated with affected parties and will follow up with any significant developments while continuing to monitor and investigate the incident.

BlockFi, which helps customers buy and sell crypto, said in a statement that its internal systems and customer funds “are protected and have not been affected.”

“We wanted to let our customers know about this incident before bad actors could use this information to their detriment,” the company said. “We felt time was running out and we are working quickly on a full review of the facts.”

Pantera Capital did not immediately respond to a request for comment.

Shares of Cambridge’s HubSpot fell about 5% on Monday and are down 29% so far this year.


Aaron Pressman can be contacted at [email protected] Follow him on Twitter @ampressman.