HubSpot has acknowledged a breach that impacted some of its customers, with bad actors gaining unauthorized access to their accounts.
According to the company, on June 22 it became aware of “bad actors targeting a limited number of HubSpot customers and attempting to gain unauthorized access to their HubSpot accounts.” The company activated its incident response procedures and began contacting customers that were impacted.
Hubspot reports that, as of July 1, there has been no unauthorized access for several days.
HubSpot continues to investigate this incident, however as of 11:00 am ET on July 1, 2024, we have seen no new instances of unauthorized access in over 90 hours. We have contacted all impacted customers at this time. We will post an update at the end of the investigation.
From the beginning of the incident, HubSpot said it believed the impact would be limited to a small subset of its customers. The company has not said why it believed that—whether it was because of the HubSpot Security team’s fast response, or if it was a specific subset of users that was targeted from the outset.