Logo - Full (Color)
Skip to content

HubSpot's statement

Read here

Information About HubSpot's March 18, 2022 Security Incident

On March 18, 2022, HubSpot, learned that a bad actor had gained unauthorized access to a portion of our internal systems and a small number of customer accounts. In the weeks following this incident, HubSpot worked with outside resources to perform the rigorous analysis required to understand the nature and the scope of this event. This investigation is now complete, and we are updating this page to provide transparency on the findings. 

Frequently Asked Questions

  • On March 15, a bad actor conducted a social engineering attack against a HubSpot employee that captured the employee’s credentials and persuaded the employee to provide the necessary multi-factor authentication. 
  • Between March 15 and March 17, the bad actor conducted reconnaissance within HubSpot’s internal systems. 
  • On March 17 and March 18, the bad actor exported contact data and user data from certain HubSpot customer accounts via an internal support tool called just-in-time-access (or JITA). 
  • By 9:00 AM ET on March 18, HubSpot became aware of this unauthorized activity. We took prompt action to shut down the bad actor’s access and investigate its impact.

We terminated access for the compromised HubSpot employee account. We then launched a wide-scale investigation to ensure we fully understood the event. We engaged a third-party forensics firm on this investigation to partner with our internal teams.

We partnered closely with the forensics firm and outside legal counsel to ensure we fully understood the event. When the investigation with the forensics firm concluded, HubSpot  reviewed the findings of the investigation and has since shared any relevant information with impacted customers.

The investigation of the bad actor’s activity confirmed that this was a targeted attack focused on customers in the cryptocurrency industry. There was no evidence of suspicious activity within targeted customer accounts after March 18, 2022. 

We have notified all customers whose customer data was impacted by the incident. If you are a customer that did not receive a notification from HubSpot regarding this incident, then the customer data in your account was not affected. 

Since the incident, we have taken steps to enhance our security and to prevent a similar attack from occurring in the future. While our investigation has concluded and remediation completed, we remain committed to improving our security through regular assessments and testing. 


For more information on our Security program, please visit our Security page where you can find our SOC2 reports and Security Overview.


This page was last updated at 9:00 a.m. ET on July 11, 2022