You’ve undoubtedly seen the recent news of the HubSpot data breach targeting Bitcoin and cryptocurrency companies and are likely wondering what it all means. While this is not the first and will not be the last data breach in this industry, customer relationship manager (CRM) data leaks pose a severe and unique threat that you, as a user and Bitcoiner, must be aware of.
As someone who has worked deeply as a HubSpot super admin, designing internal systems and managing sales and marketing teams using these tools for over seven years, I want to debrief you on what the current status of the breach is as I see it, and on what this means for you as a customer in this space and what you can do about it.
Most individuals don’t understand the power of a CRM. At minimum, these tools allow companies to acquire, sort and manage incoming customers (and their data) in a way that provides the best user experience. At maximum, these tools are capable of an extreme degree of web monitoring and AI-based user segmentation and prediction.
While HubSpot has already published a rundown of what happened during the leak here, I’d like to explain what this means from my perspective as a HubSpot Super Admin, and for someone whose data is potentially in one of the approximately 30 compromised databases.
What Happened In The HubSpot Data Breach And What Data Might Be Compromised
- HubSpot has a level of access called “super admin” on both the internal and external sides of its platform
- Someone internal to HubSpot, with super admin access, had their account compromised
- Super Admin access internally allows someone to hop between company accounts and export contact lists (and potentially all associated CRM data)
- The unauthorized user exported contact lists and assorted information belonging to bitcoin and cryptocurrency companies, including NYDIG, Swan, and BlockFi.
While it is true that financial data is not stored in the CRM, you should be aware that data associated with the users of these companies and their behaviors is logged in the CRM. This puts users in a unique position to be targeted in social engineering attacks. Following are a few examples of the types of data that can easily be stored in a CRM system and may have been exported in this recent data breach:
- IP addresses
- Email histories with representatives at the associated companies and any messages or notes those representatives have on customers and their accounts
- Customer browsing behavior on associated company websites
- Mailing and/or shipping addresses
- How customers are characterized internally by companies (“big buyer,” “whale,” “mid-sized contact,” ”small user,” etc.)
- Individual customers’ financial value to companies
- Any and all deals customers have done with compromised companies and any associated values, email negotiations or contacts
- Help tickets or requests customers have logged with compromised companies
When data is exported from a CRM, it typically comes in a standard database format. This can take the shape of a common .csv or .xls file. Because of this, migrating data from one CRM to the next is often as easy as exporting, re-uploading and tagging appropriate data headers, i.e., first name, last name, address, etc. Expect this situation to unfold quickly.
What Can Someone Whose Data Has Been Compromised Do?
Fortunately, it appears financial data has not been compromised in this recent breach, however, the loss of user persona and behavioral data is severe. At minimum, you should expect to be targeted with spear phishing and spam attacks going forward. Should a bad actor wish to execute a social engineering attack on you, they may contact you with extremely specific information about your name, location, services used and even your behavior on company websites.
Be wary of anyone contacting you via email or phone going forward, and be sure that any and all representatives contacting you are actually associated with the companies they claim to speak for. If you are a high-value customer of a compromised company in this space, I recommend contacting your company representative immediately to verify what data has been breached, what internal classifications that company has on you and what you can do to enhance security in your communications going forward.
For super admins of companies using HubSpot, I recommend disabling employee visibility into your account here and contacting your representative to discuss further removing access permissions on your data. We have yet to see how HubSpot is going to handle this unfolding situation and I would expect the first course of action is to strictly limit who has “view” and especially “export” permissions of company data.
Overall, the best course of action for everyone in this space is to use privacy best practices when browsing, buying and communicating online. This brief article won’t be able to delve into that topic. An unfortunate truth of the hyperconnected digital universe we live in is that any data you share, can and will be stolen. Stay vigilant, and if you aren’t already, begin implementing privacy and security best practices into all of your personal and online behaviors.
This is a guest post by Robert Warren. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.