![]() In a short statement on its website, AvidXchange said the incident “affected some of our systems and data.” The company said its investigation is ongoing, but confirmed that it detected in early April that “some data from these systems was exfiltrated.”ĪvidXchange said during the company’s first-quarter earnings call on Monday that it expects to incur costs related to the incident, but spokesperson Olivia Sorrells declined to tell TechCrunch whether the company received or paid a ransom demand from RansomHouse or answer TechCrunch’s questions. Notes in the document suggest many of the logins may still be in use. The leaked login details suggest that AvidXchange uses easily guessable passwords with derivations of the company’s name and the word “password” itself. The leak also includes login details, including usernames, passwords and, in some cases, answers to security questions for a variety of the company’s systems, including cloud accounts and security software, through to smart door locks and surveillance cameras. “Dear AvidXchange, We strongly recommend you to contact us to prevent your confidential data, documents from being leaked,” a message on RansomHouse’s dark web leak site reads.Ī sample of the stolen data, seen by TechCrunch, includes non-disclosure agreements, employee payroll information and corporate bank account numbers. The North Carolina-based company says it processed 70 million transactions for 8,000 customers in 2022.Ī ransomware group called RansomHouse claimed responsibility for the recent cyberattack on AvidXchange. Hackers have published a trove of sensitive data stolen from payment software company AvidXchange after the company fell victim to ransomware for the second time this year.ĪvidXchange provides cloud-based software that helps organizations automate invoice processing and payment management processes. ![]()
0 Comments
Leave a Reply. |