In the cryptocurrency market, data breaches are not uncommon. Another prominent crypto service provider has been compromised. BlockFi announced that an unauthorized third party had gained access to some of its customer data.
Crypto exchange and high-interest earning service provider BlockFi confirmed a data breach through one of its third-party vendors, Hubspot. Hubspot is used for its Client Relationship Management (CRM) and marketing purposes.
Therefore, client information that was relevant for that purpose was stored with Hubspot – including names, email addresses, and phone numbers. The Twitter thread shared that personal data, such as passwords, government-issued IDs, and social security numbers, “were never stored on Hubspot.”
The announcement by the exchange assured that its internal systems and, more importantly, client funds were unaffected. The exact details of the breached data have yet to be identified and revealed.
An investigation is underway to determine the full extent of the data breach’s impact.
“In the spirit of transparency, we wanted to make our clients aware of this incident before bad actors could use this information to their detriment. We felt time was of the essence, and we are expediently working through our investigation,” it shared.
To help users protect their online presence from bad actors, the company recommended four methods: strong unique passwords, two-factor authentication (2FA), “allowlisting” of BlockFi address, and vigilance against scammers.
BlockFi clients have faced these alarming situations of data breaches before during last year that impacted retail clientele and not any institutional clients.
The current breach is yet another setback for the New Jersey-based company, which was fined $100 million earlier, after an SEC investigation determined that its high-yield products violated the Investment Act, 1940.
In response to which BlockFi has been preparing to launch a new version of its loan product called ‘BlocFi Yield’ that would comply with the said regulations.
Hackers have used such information to initiate phishing attacks and gain access to accounts via passwords. The recently launched NFT collection Rare Bears’ users suffered a loss of $800,000 worth of NFTs during such a phishing attack.
