HubSpot Hacked! Customers Impacted by New Cybersecurity Attack

The CRM stalwart released a statement on Friday, highlighting how it was working “to revoke the unauthorized access”


Published: July 1, 2024

Charlie Mitchell

HubSpot has isolated a “security incident” where hackers appeared to gain access to several customer accounts.

The CRM leader spotted the incident on June 22, but the news didn’t break for another six days.

Eventually, Alyssa Robinson, Chief Information Security Officer at HubSpot, released a statement to the press.

In doing so, she noted that the business had “identified a security incident that involved bad actors targeting a limited number of HubSpot customers and attempting to gain unauthorized access to their accounts.

“HubSpot triggered our incident response procedures, and since June 22, we have been contacting impacted customers and taking necessary steps to revoke the unauthorized access and protect our customers and their data.”

As of Friday, June 28, HubSpot has not revealed whether it has received any communication from the hacking group.

Moreover, the extent of the incident and the number of impacted customers are unclear.

That said, HubSpot is known to have more than 100,000 paying customers, which helped the business recently break the $1BN annual recurring revenue (ARR) milestone.

That success seems to have caught the attention of Google, which has reportedly engaged in acquisition talks with the CRM stalwart.

Such speculation has given HubSpot a market boost this year, and its stock price has stayed steady week-to-date despite TechCrunch first revealing the hacking on Friday.

The news does, however, somewhat ironically come less than a month after HubSpot promised new data protection capabilities for its Smart CRM users.

Yet, this is only the latest in a series of hacking attempts on big-name enterprise tech providers.

CX Tech Leaders Fall Victim to Hacking Groups

HubSpot is one of the latest in an increasingly long list of enterprise tech firms to endure such a cybersecurity incident.

Thankfully, though, the attackers won’t always get away with it. Indeed, just a few weeks ago, the alleged ringleader of a hacking group that breached Twilio, LastPass, and Mailchimp was arrested in Spain.

Known as “Scattered Spider”, the group engaged in many SIM-swapping attacks. Also, in the case of Twilio, it tricked employees into sharing their logins to gain access to internal systems and swipe customer data from them.

However, while this group may face the consequences, more seem to be trying their luck and breaching the world’s biggest software companies.

Since 2022, Apple, Meta, and X – back when it was Twitter – have fallen victim to such data breaches.

Additionally, as businesses expand their digital transformation efforts, they increase their data flows, the number of devices in use, and the number of people that touch the business. As such, they endure new risks.

Yet, perhaps most worryingly, with new devices and the greater accessibility of AI, a hacker’s toolkit is becoming ever more dangerous.

For instance, in recent months, CX Today has written many times about the new dangers of attackers targeting organizations with deepfakes.

An excellent example is how OpenAI stalled the release of its voice cloning tool while cautioning against voice-based customer identification methods for “accessing bank accounts and other sensitive information.”

For more on how businesses can prepare for such security incidents and deepfake attacks, check out our article: Deepfakes in the Contact Center: Are You Ready?


