AvidXchange has suffered its second Major ransomware 2023 attack after hackers posted a sample of the stolen data on their website and demanded a ransom be paid as soon as possible.
The payment software The company was targeted by a ransomware group called RansomHouse, which has since leaked super-sensitive information that can easily be used identity theft (opens in new tab) Attacks.
The stolen data includes non-disclosure agreements, employee payroll information, and company bank account numbers, the release said after analyzing a small sample. Other stolen data includes system credentials and security question answers for things like cloud accounts and security software (smart door locks, surveillance cameras, and more). Analysis of this information revealed that employees were using weak and easily guessed passwords, such as B. A derivation of the AvidXchange name along with the word “password”.
investigation is ongoing
In fact, it seems that some of the passwords still need to be changed.
In response to the leak, the company released a brief statement on its website, saying it happened in early April, with “some” of its systems affected and “some data” stolen. It added that the investigation is still ongoing.
On Monday, the company held a conference call on its first-quarter results. TechCrunch added saying it expects more costs from the attack. However, spokeswoman Olivia Sorrellis declined to say whether AvidXchange received or paid a ransom note.
AvidXchange is a cloud-based payment software provider that helps businesses automate billing and payment management.
Located in North Carolina, it had 1,500 employees and more than 7,000 customers as of 2020, according to its website. In 2020 alone, it processed approximately 53 million transactions with more than $145 billion in spend and paid more than 700,000 suppliers in five years.
Above: TechCrunch (opens in new tab)
