HubSpot says it's investigating customer account hacks

An HubSpot logo at the Boston Convention and Exhibition Center on September 06, 2023. (Photo by Chance Yeh/Getty Images for HubSpot)

Marketing and sales software giant HubSpot said on Friday that it’s investigating a cybersecurity incident.

On Friday, rumors of some kind of cyberattack against HubSpot began circulating on social media. When reached by TechCrunch on Friday, HubSpot's chief information security officer Alyssa Robinson said in a statement that the company “identified a security incident that involved bad actors targeting a limited number of HubSpot customers and attempting to gain unauthorized access to their accounts.”

“HubSpot triggered our incident response procedures, and since June 22 we have been contacting impacted customers and taking necessary steps to revoke the unauthorized access and protect our customers and their data,” said Robinson.

The company did not say, when asked by TechCrunch, if it has received any communication from the malicious actors.

HubSpot is a U.S.-based company that specializes in customer relationship management (CRM) and marketing automation software, and has a market cap of almost $30 billion as of Friday.

At this point, it’s unclear what’s the extent of the incident and how many HubSpot customers were affected.

HubSpot says it has more than 216,000 corporate clients, and touts Discord, Eventbrite, Talkspace and others as big name customers.

UPDATE, July 1, 10:29 a.m. ET: After this story was published, HubSpot published a statement with more details about the incident. The company wrote that it believes the "the bad actors were able to gain unauthorized access to less than 50 HubSpot accounts," and that as of 4:00 p.m. ET on Friday, June 28, "we have seen no new instances of unauthorized access in the last 24 hours, and we have contacted all impacted customers at this time."