Payment software giant AvidXchange suffered its second ransomware attack in 2023

Hackers have released a trove of sensitive data stolen from payment software company AvidXchange after the company fell victim to ransomware for the second time this year.

AvidXchange provides cloud-based software that helps organizations automate their invoice processing and payment management. The North Carolina-based company says it processed 70 million transactions for 8,000 customers in 2022.

A ransomware group called RansomHouse has claimed responsibility for the recent cyberattack on AvidXchange.

“Dear AvidXchange, we strongly recommend that you contact us to prevent your confidential data and documents from being leaked,” reads a message on the RansomHouse dark web leak site.

A sample of the stolen data, seen by TechCrunch, includes non-disclosure agreements, employee salary information, and corporate bank account numbers.

The leak also includes login details, including usernames and passwords, and in some cases answers to security questions, for a variety of company systems, ranging from cloud accounts and security software to smart door locks and surveillance cameras. The leaked login details indicate that AvidXchange uses easy-to-guess passwords with derivations of the company name and the word “password” itself. Notes in the document indicate that several logins may still be in use.

In a short statement on its website, AvidXchange said the incident “affected some of our systems and data.” The company said its investigation is continuing, but confirmed that it had discovered in early April that “some data from these systems had been leaked.”

AvidXchange said during the company’s first-quarter earnings call on Monday that it expects to incur costs related to the incident, but spokeswoman Olivia Surrell declined to tell TechCrunch whether the company had received or paid a ransom demand from RansomHouse, or to answer TechCrunch’s questions.

RansomHouse, which has been active since 2021, describes itself as a “community of professional moderators” targeting organizations that have a “negligent attitude toward the privacy and security of their clients’ personal data.” The ransomware gang also recently claimed that chip maker AMD and Africa’s largest retailer Shoprite were victims.

It remains unclear how AvidXchange was compromised, how many customers and employees were affected by the breach and whether AvidXchange had the means to determine what data was leaked from its systems.

This latest breach comes just weeks after AvidXchange confirmed that it was one of 130 victims of a mass hack targeting Fortra GoAnywhere systems, announced by the Russian Clop ransomware gang. AvidXchange told TechCrunch at the time that the company used Fortra’s GoAnywhere technology to transfer files to a specific company that prints its checks.

Clop’s dark web leak site currently lists data it allegedly stole from AvidXchange, including the company’s GoAnywhere backups.


Do you have more information about the AvidXchange cyberattack? You can contact Carly Page securely on Signal at +441 536 853968, or via email. You can also contact TechCrunch via SecureDrop.
