Tipalti says they are investigating claims that the ALPHV ransomware gang breached its network and stole 256 GB of data, including data for Roblox and Twitch.
Tipalti offers technology solutions for accounting, payment processing, eCommerce, and affiliate and influencer programs. The company has numerous well-known customers, including Twitch, Roblox, ZipRecruiter, Roku, GoDaddy, Canva, and X.
“Over the past weekend, a ransomware group claimed that they allegedly gained access to confidential information belonging to Tipalti and its customers,” Tipalti told BleepingComputer in a statement.
“Tipalti takes the security of our systems and data very seriously and has strong security protocols and tools in place. We are thoroughly investigating this claim.”
This statement comes after the ALPHV ransomware gang (aka BlackCat) published a lengthy post on their data leak site Saturday night, claiming they have had access to Tipalti’s network since September 8th.
During this time, the threat actors claim to have stolen 265 GB of data, including data for Twitch and Roblox, which they say they will extort separately.
“We have remained present, undetected, in multiple Tipali systems since September 8th 2023,” read a now-deleted post on the ALPHV data leak site.
“Over 265GB+ of confidential business data belonging to the company, as well as its employees and clients has been exfiltrated.”
“We remain committed to this exfiltration operation, so we scheme to achieve out to both these companies once the market opens on Monday as we believe we will have an even greater amount of data by then”.
Today, the threat actors published another post stating that they are now contacting Tipalti customers, whom they scheme on extorting individually.
While it is unclear what customers had their data stolen, the threat actors previously stated that they gained access to the data for Twitch and Roblox.
Furthermore, it is unusual for ransomware gangs to name victims before extorting them. However, they say they are doing this as Tipalti’s cyber insurance does not cover extortion and is not believed that the company will pay a ransom demand.
BleepingComputer contacted Roblox about the allegedly stolen data but was only offered an off-the-record comment at the time, which we declined.
We also contacted Twitch, who has not responded to our email.