API Account Hack/ Data Breach - Urgent

Highlighted
Occasional Contributor

Hi All, 

 

I logged on this morning to see 2000 new unassiged contacts in my Hubspot account. When looking at who cretated this it says

 

"API batch updateProperty changed by the contact batch HubSpot API endpoint."

 

Myself or none of my other users have done this, and we have no API's set up. 

We are a UK based company and all the contacts appear to be American (based on phone number and email address), and I do not recoginse any of the names or emails. It certainly isnt our data.

 

Is this some kind of data breach?

Reply
0 Upvotes
2 Replies 2
Highlighted
HubSpot Moderator

Hey @Ryang80,

 

Apologise for the delayed in response!

 

Just to confirm, are you referring to portal 7077xxx? If so, when looking into the portal, I noticed that you've deleted the 2000 new unassigned contacts, is that right? 

 

For troubleshooting, I restored one of the contact - Ferod (which I've deleted) and noticed that the original source drill down 2 points to and appId=211xxx. Digging further into this appId, I'm able to track down the app name and it's - Heymarket SMS Integration. In this case, does the integration name rings a bell? Could you check in with your team, to see if someone installed this app recently? For now, I believe it has been disconnected as I'm not seeing it under the connected app settings.

Reply
0 Upvotes
Highlighted
Occasional Contributor

Hi Wendy,

 

I also tracked the breach to Heymarket SMS Intergeation, which I downloaded from the marketplace. I havedeleted all the contacts that it imported, and deleted the app. I have tried to contact Heymarket regarding this, but no luck yet. 

 

I have also restored any contacts it edited by using the field history details. 

 

Thank you for your help.