The ransomware group ALPHV/BlackCat claims to have stolen user data belonging to popular online platforms Roblox and Twitch. The hackers allege they breached Tipalti - a Canadian accounting software provider - back in September and exfiltrated over 265GB of sensitive customer information.
Tipalti provides payment automation services to numerous high-profile companies. On its website, Tipalti lists clients like Roblox, Twitch, X (formerly Twitter), GoDaddy, National Geographic, and Canva among others.
As of yet, it’s unclear just how much information the attackers have managed to get their hands on. Since Tipalti only provides payment-related services to companies like Roblox and Twitch, it’s unlikely most users will be affected. However, confidential information of Roblox developers such as credit card details could still be at risk.
Here are more details of the cyberattack.
What Does the Ransomware Group Plan to Do?
ALPHV said in its dark web blog post that it plans to target Roblox developers by publishing the tax documents and other financial information it has stolen from Tipalti. This is, of course, the group’s way of putting pressure on Tipalti to pay the ransom.
The group also mentioned in their blog post that there is an insider involved in the cyberattack. Unfortunately, the identity of the insider has still not been discovered, but it seems they are still active.
In the blog post, ALPHV wrote, “We remain committed to this exfiltration operation, so we plan to reach out to both these companies once the market opens on Monday as we believe we will have an even greater amount of data by then, in addition to the likely inability of the Tipalti company to be able to contain our efforts by then, given their incompetency and taking into account that an insider was, and is still actively involved.”
The group also mentioned another ransomware group that was responsible for leaking 4GB of data belonging to Roblox creators in 2022 and how the company failed to pay the ransom. ALPHV plans to release all the information they have stolen in multiple phases if Tipalti and Roblox fail to pay.
ALPHV’s full statement on its dark web blog. (Source: Roblox_RTC on X).
Previous Attacks by ALPHV/BlackCat
ALPHV, also known as BlackCat, first emerged in 2021 and has attacked other companies in the past. The group operates on a ransomware-as-a-service model, allowing other hackers to use its malware for a fee. ALPHV is believed to share connections with several other major ransomware cartels.
Earlier this year, the gang worked with another ransomware group called Scattered Spider to steal data from MGM Resorts, a popular hotel and casino chain.
Rise in Ransomware Incidents
The latest alleged hack of Tipalti and the resulting data theft from hugely popular platforms Roblox and Twitch seem to follow an increasingly aggressive pattern of extortion by ALPHV against large corporations.
Considering most companies today rely on cloud storage for their data, the rise in ransomware incidents is inevitable. That’s why it’s crucial that companies bolster their cybersecurity measures to safeguard sensitive information in the face of evolving cyber threats.