HubSpot’s Statement Regarding June 22, 2024 Security Incident

HubSpot's Statement Regarding June 22, 2024 Security Incident

Published on June 28, 2024

On June 22, 2024, HubSpot identified a security incident that involved bad actors targeting a limited number of HubSpot customers and attempting to gain unauthorized access to their HubSpot accounts.

HubSpot triggered our incident response procedures, and since June 22, we have contacted impacted customers and taken necessary steps to revoke the unauthorized access to protect our customers and their data. In addition, the HubSpot Security team has been actively investigating and blocking attempts to gain access to customer accounts.

While our investigation is still underway, we believe based on our initial assessment that the bad actors were able to gain unauthorized access to less than 50 HubSpot accounts.

As of 4:00 pm ET, June 28, we have seen no new instances of unauthorized access in the last 24 hours, and we have contacted all impacted customers at this time.

Though the investigation is ongoing, based on our current assessment of the incident, we believe that the impact will be isolated to a small subset of the HubSpot customer base. We will post an update at the end of the investigation in the spirit of continued transparency.