Ryang80
Participant

API Account Hack/ Data Breach - Urgent

Hi All,

I logged on this morning to see 2000 new unassigned contacts in my HubSpot account. When looking at who created this, it says

"API batch updateProperty changed by the contact batch HubSpot API endpoint."

Neither I nor any of my other users have done this, and we have no APIs set up.

We are a UK-based company and all the contacts appear to be American (based on phone number and email address), and I do not recognise any of the names or emails. It certainly isn't our data.

Is this some kind of data breach?

amoriera
Member

Hello, Ryang80! Remember to remove all your cache after fixing the issue with the main infringement. Also, you can approach hacking communities like Nobelium Hackers for consultation with professional hackers and fix the security issue with your API. Also, don't mind making the biometric authentication in your HubSpot account to prevent any dangerous actions of the hackers if they gain full access to your account. Have a good one, and stay safe, gents!

WendyGoh
HubSpot Employee

Hey @Ryang80,

Apologies for the delay in response!

Just to confirm, are you referring to portal 7077xxx? If so, when looking into the portal, I noticed that you've deleted the 2000 new unassigned contacts, is that right?

For troubleshooting, I restored one of the contacts - Ferod (which I've deleted) and noticed that the original source drill down 2 points to and appId=211xxx. Digging further into this appId, I'm able to track down the app name and it's - Heymarket SMS Integration. In this case, does the integration name ring a bell? Could you check in with your team, to see if someone installed this app recently? For now, I believe it has been disconnected as I'm not seeing it under the connected app settings.

Ryang80
Participant

Hi Wendy,

I also tracked the breach to Heymarket SMS Integration, which I downloaded from the marketplace. I have deleted all the contacts that it imported, and deleted the app. I have tried to contact Heymarket regarding this, but no luck yet.

I have also restored any contacts it edited by using the field history details.

 

Thank you for your help.
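
The triage described in this thread (tracing a burst of unexpected contacts to an app ID through the original source drill-down field), as an added example that is not part of the original thread and is not HubSpot's code. It assumes a CSV export with the hypothetical column names shown, an `appId=NNN` value in the drill-down column, a hypothetical allowlist of approved app IDs, and constructed sample rows.

```python
import csv
import io
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export. Column names and the "appId=NNN" value layout are
# assumptions for this example, not HubSpot's documented export schema.
SAMPLE_CSV = """email,create_date,original_source,source_drill_down_1,source_drill_down_2
a@example.com,2021-03-01T02:14:05,OFFLINE,INTEGRATION,appId=111111
b@example.com,2021-03-01T02:14:06,OFFLINE,INTEGRATION,appId=111111
c@example.com,2021-03-01T02:14:09,OFFLINE,INTEGRATION,appId=111111
d@example.com,2021-03-01T02:15:30,OFFLINE,INTEGRATION,appId=111111
e@example.com,2021-02-20T10:00:00,OFFLINE,INTEGRATION,appId=222222
f@example.com,2021-02-25T09:30:00,ORGANIC_SEARCH,,
g@example.com,2021-02-26T11:00:00,OFFLINE,INTEGRATION,appId=333333
"""
KNOWN_APP_IDS = {"222222"}  # hypothetical allowlist of integrations the team approved

def parse_app_id(value):
    """Return the numeric app ID from an 'appId=NNN' drill-down value, or None."""
    match = re.search(r"appId=(\d+)", value or "")
    return match.group(1) if match else None

def find_suspect_batches(csv_text, known_app_ids, min_batch=3,
                         window=timedelta(minutes=10)):
    """Flag unapproved app IDs that created >= min_batch contacts within `window`."""
    by_app = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        app_id = parse_app_id(row.get("source_drill_down_2"))
        if app_id is None or app_id in known_app_ids:
            continue  # no app ID in the drill-down, or an approved integration
        by_app[app_id].append((datetime.fromisoformat(row["create_date"]), row["email"]))

    suspects = {}
    for app_id, items in by_app.items():
        items.sort()
        start = peak = 0
        for end in range(len(items)):
            # Shrink the window from the left until it spans at most `window`.
            while items[end][0] - items[start][0] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= min_batch:
            suspects[app_id] = {"peak": peak, "emails": [e for _, e in items]}
    return suspects

if __name__ == "__main__":
    print(find_suspect_batches(SAMPLE_CSV, KNOWN_APP_IDS))
```

Each flagged app ID can then be compared against the connected apps list, and the returned emails give the set of records to review before deleting or restoring anything.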