AvidXchange, a company allegedly targeted in a ransomware attack, is now facing data leaks orchestrated by several cybercriminal groups. These groups have taken to the dark web, where they are actively sharing and publicizing information stolen in the AvidXchange data leak.
The latest development surrounding this data leak saga involves two more ransomware groups, who have claimed to post the pilfered information on their respective websites.
Multiple claims of AvidXchange data leak
RansomHouse ransomware group published exfiltrated files on its dark web portal, alleging that they were from the AvidXchange cyber attack.
The Cyber Express contacted the North Carolina-based financial services company. However, we are yet to receive an official response.
Threat intelligence service Falcon Feeds tweeted screenshots of the leaked data and claims made by other ransomware groups.
The post screenshot about the AvidXchange data leak stated that users did not require a password to access the leaked data. It read that the AvidXchange cyber attack took place on April 16, 2023.
The hacker collective claimed to exfiltrate 450GB of data and leaked it on May 31, 2023.
The post read, “We’re the ones who believe there’s a faster, more efficient way for middle-market businesses to process invoices and make payments; and who, as your ally, want to liberate your AP from all that paperwork that’s slowing down your business and costing you money.”
Tweeting about the incident, a Falcon Feed researcher wrote, “RansomHouse ransomware group claims to have published the data from AvidXchange, Inc. (http://avidxchange.com) to their dark web portal. Meanwhile Abyss data leaks portal has published the file’s password and the CL0P ransomware group began publishing the data on their dark web portal.”
(Photo: Falcon Feeds)
Cl0p and Abyss were also after the data stolen from the AvidXchange data leak as the company has a good revenue that the hackers noted on the dark web. Abyss listed AvidXchange on its victim list early in May, and threatened to leak the stolen data on May 19.
AvidXchange Data Leak: Unveiling a trail of security incidents
This is not the first time the company witnessed a security incident. Earlier this April, the company discovered a security incident early in April 2023. Among other details passwords, bank account numbers, and non-disclosure agreements were leaked from the previous AvidXchange data leak incident.
AvidXchange detected a cybersecurity incident as part of our routine security monitoring protocols. In response to the incident, we launched an investigation with the support of leading cybersecurity experts, reached out to law enforcement and have taken and will continue to take actions to implement additional safeguards,” the company stated in a security update.
The RansomHouse group was behind the AvidXchange cyber attack. “The investigation, which is ongoing, has revealed that the incident affected some of AvidXchange’s systems and that data from these systems was exfiltrated. Threat actors have published data they claim to have taken from our systems,” added the security update.
The company further stated that they reviewed the files on the dark web from the AvidXchange data leak and said that login credentials for a specific application used by a small number of customers were found.
The application was taken offline temporarily, to prevent further threats. They contacted the affected individuals and had them change their credentials.
“We are also aware that a threat actor may release additional information,” the report added.
The cloud-based payments software providing company, AvidXchange had over 1,500 employees, according to a report published in May. They catered to over 7,000 customers in 2020 and facilitated over 53 million transactions.
Over $145 billion was spent under management and the AvidXchange paid over 700,000 suppliers in five years.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
