Payment software giant AvidXchange suffers its second ransomware attack of 2023


Hackers have released a trove of sensitive data stolen from the payment software company AvidXchange after the company fell victim to ransomware for the second time this year.

AvidXchange provides cloud-based software that helps organizations automate invoice processing and payment management processes. The North Carolina-based company says it processed 70 million transactions for 8,000 customers in 2022.

A ransomware group called RansomHouse claimed responsibility for the recent cyber attack on AvidXchange.

“Dear AvidXchange, we strongly encourage you to contact us to prevent your sensitive data and documents from being leaked,” read a message on RansomHouse’s dark web leak site.

A sample of the stolen data, seen by TechCrunch, includes nondisclosure agreements, employee payroll information, and corporate bank account numbers.

The leak also contains login details: usernames, passwords and, in some cases, answers to security questions for a variety of company systems, from cloud accounts and security software right down to door locks, smart phones and surveillance cameras. The leaked login details suggest that AvidXchange uses easy-to-guess passwords derived from the company name and the word “password” itself. The notes in the document suggest that many of the logins may still be in use.

In a short statement on its website, AvidXchange said the incident “affected some of our systems and data.” The company said its investigation is ongoing, but confirmed that it detected in early April that “some data was extracted from these systems.”

AvidXchange said during the company’s first-quarter earnings call on Monday that it expects to incur costs related to the incident, but spokeswoman Olivia Sorrells declined to tell TechCrunch whether the company received or paid a ransom demand from RansomHouse, or to respond to TechCrunch’s questions.

RansomHouse, which has been active since 2021, describes itself as a “community of professional mediators” that targets organizations with a “negligent attitude towards the privacy and security of their clients’ personal data.” The ransomware gang also recently claimed chip maker AMD and Africa’s largest retailer, Shoprite, as victims.

It is unclear how AvidXchange was compromised, how many customers and employees are affected by the breach, and whether AvidXchange has the means to determine what data was removed from its systems.

This latest breach comes just weeks after AvidXchange confirmed it was one of 130 victims of a mass hack targeting Fortra’s GoAnywhere systems, which was claimed by the Russian-speaking Clop ransomware gang. AvidXchange told TechCrunch at the time that the company used Fortra’s GoAnywhere technology to transfer files to a specific company that prints its checks.

Clop’s dark web leak site currently lists data it allegedly stole from AvidXchange, including the company’s GoAnywhere backups.


Do you have more information about the AvidXchange cyberattack? You can reach Carly Page securely on Signal at +441536 853968, or by email. You can also contact TechCrunch via SecureDrop.

