CrunchBase was hacked. Gwyneth Paltrow's account was defaced

Experts SadBotTrue team detected the hack of Gwyneth Paltrow and 26 professionals accounts were defaced with sexists texts. The hack was not fixed for almost two month.

Among 26 affected personal accounts are Hollywood celebrities, presidents of top tech companies, partners of top investment funds and other.

Hollywood celebrities Gwyneth Paltrow, Reese Witherspoon, Rachel Zoe. Neil Ashe (President CBS Interactive), Blair Christie (Senior Vice President & CMO Cisco), Melinda Dunn (Chief Financial Officer Sequoia Capital), Gitte Bedford (Vice President Robert Bosch Venture Capital), Kate Marie Sigfusson (social activist and entrepreneur) and many other.

All the accounts were defaced from 15 February to 15 march. In the period of 5 days were defaced 18 accounts. Among 26 accounts 24 accounts belong to the females.

For every account, the hacker misleadingly added the new positions in different companies, with 57 years of experience. All job description has the same sexist text.

“hello dear im request for job dear send email me : send kisses”

All changes in personal job list are related with added companies. The same misleading sexist texts were appeared on the 25 company's pages with “Current team” list.

In addition, the hacker has used other types of defacing. The 22 accounts have posted the same photo of the arab man.

For the account Blair Christie, Senior Vice President & CMO Cisco the hacker has added the double of the jobs with sexist descriptions.

The overview of the account Kate Marie Sigfusson was totally defaced with sexist text all other data in overview was removed.

The hacker has the database administrator’s password. We don’t know the way, how he has got it. All changes were made by the same CrunchBase contributor profile. For imitation of contribution activity, the hacker uses the facebook user “mohammad sharif bagheri saei” (archive and original account). This account is the simple bot with very strange activity across different social networks and has no connections with real life.

All affected accounts have this name the last on the list of updates, except Cathy Pearl. On 20 February, 5 days after the hack, Crunchbase stuff have updated her data but did not react on previous updates by the suspicious contributor.

Quick conclusions are difficult to make, more detailed investigation is needed. There are a lot of strange and inexplicable facts in this case. Perhaps, the comments of the representatives of the CrunchBase will allow understanding what happened.

According to Techcrunch, on 5, April 2017, Crunchbase raises $18M, debuts Enterprise business intelligence, plans ‘Marketplace’ for 3rd party data.

The appendix. Screenshots

1. The 26 accounts defaced with sexist texts.

2. The examples of affected companies.

3. The same contributor.

The list of companies, affected with sexist job description and misleading team members

BMW of North America


Thomson Reuters

Motorola Mobility

Accel Partners









University of California

PC World.




PC World



Cornell University

Hello Alfred