Bugtraq mailing list archives

Re: SaaS Marketing platform Hubspot export vulnerability


From: security () hubspot com
Date: Thu, 28 Aug 2014 16:17:52 GMT

We at HubSpot take the concerns of the security community seriously, and continuously work to improve our posture in 
this ever-changing field. We do have predefined roles in the application which allow our customers to segment users' 
permissions based on their role. These horizontal permissions are quite common among SaaS vendors.

The export functionality mentioned does have existing auditing capability in the back end. For exports, we have full 
audit trails for the timestamp, link to the file, customer id, and user id for all requests. We have never exposed this 
audit data to our customers through the UI because there has never been a high demand for this functionality. This 
issue is now in queue with our Engineering team and we will be releasing it shortly.

