HubSpot OAuth Token
Service Name: HubSpot
Service Description: HubSpot is a leading customer relationship management (CRM) platform that provides software and support to help businesses grow. It offers tools for marketing, sales, content management, and customer service.
Service Address: https://www.hubspot.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the account level through HubSpot's security settings.
Secret Access Scope: Grants programmatic access to HubSpot's API endpoints, allowing interaction with contacts, companies, deals, tickets, and other HubSpot data depending on the scopes assigned to the token.
Secret Revokement URL: https://app.hubspot.com/settings/integrations
Secret Example: pat-na1-12345678-abcd-1234-abcd-1234567890ab
Suspicious Activity Investigation Instructions:
- Review the HubSpot audit logs for unusual API calls or data access patterns
- Check for unexpected changes to contacts, deals, or other CRM data
- Monitor for unusual volumes of API requests or access from unfamiliar locations
- Review the OAuth app permissions and connected integrations in your HubSpot account
- Verify if there are any unauthorized workflows or automations created
Mitigation Instructions:
-
Log in to your HubSpot account and navigate to Settings > Integrations > Private Apps
-
Locate the compromised OAuth token/application
- Click "Delete" or "Revoke Access" for the affected token
- Create a new private app with appropriate scopes if needed
- Review and update access permissions for all remaining integrations
- Enable two-factor authentication for all HubSpot users
- Consider implementing IP restrictions for API access
- Audit user permissions and remove unnecessary access rights
- Monitor for any data that may have been compromised during the unauthorized
access