HubSpot’s Statement Regarding June 22, 2024 Security Incident
July 12, 2024 update: our investigation is complete. At the close of our investigation, we confirmed that bad actors were able to gain unauthorized access to less than 30 HubSpot customer portals. All impacted customers have been notified via email and steps have been taken to secure their accounts.
The incident began June 22, 2024 and was resolved by June 27, 2024. We have seen no new instances of unauthorized access in 14 days.
In response to this incident, our Security team:
- Deactivated and blocked bad actor accounts as we identified them;
- Audited login and signup activity to identify all affected customers;
- Reset passwords of some users based on the results of the investigation;
- Provided audits of portal activity to impacted customers.
The core tenets of HubSpot’s security program are to safeguard customer data and to maintain customer trust. HubSpot uses a defense-in-depth approach to implement layers of security throughout our organization. We’re passionate about developing new security controls and continuously refining our existing ones to protect our customers. Please see our Security Overview document and request a copy of our SOC 2 Type 2 Report for more information on our security program overall.
July 1, 2024 update: HubSpot continues to investigate this incident, however as of 11:00 am ET on July 1, 2024, we have seen no new instances of unauthorized access in over 90 hours. We have contacted all impacted customers at this time. We will post an update at the end of the investigation.
On June 22, 2024, HubSpot identified a security incident that involved bad actors targeting a limited number of HubSpot customers and attempting to gain unauthorized access to their HubSpot accounts.
HubSpot triggered our incident response procedures, and since June 22, we have contacted impacted customers and taken necessary steps to revoke the unauthorized access to protect our customers and their data. In addition, the HubSpot Security team has been actively investigating and blocking attempts to gain access to customer accounts.
While our investigation is still underway, we believe based on our initial assessment that the bad actors were able to gain unauthorized access to less than 50 HubSpot accounts.
As of 4:00 pm ET, June 28, we have seen no new instances of unauthorized access in the last 24 hours, and we have contacted all impacted customers at this time.
Though the investigation is ongoing, based on our current assessment of the incident, we believe that the impact will be isolated to a small subset of the HubSpot customer base. We will post an update at the end of the investigation in the spirit of continued transparency.
HubSpot (NYSE: HUBS) is the customer platform that helps businesses connect and grow better. HubSpot delivers seamless connection for customer-facing teams with a unified platform that includes AI-powered engagement hubs, a Smart CRM, and a connected ecosystem with over 1,500 App Marketplace integrations, a community network, and educational content. Learn more at www.hubspot.com.