Roblox and Twitch data allegedly fell into the hands of the infamous ALPHV/BlackCat cartel after attackers reportedly hacked accounting software provider Tipalti.
The ALPHV ransomware gang posted information about Tipalti, a Canadian accounting software company, on its dark web blog, which the gang uses to showcase its latest victims. Ironically, ALPHV immediately resorted to extorting the victim’s clients. The move is likely intended to incentivize ransom negotiations.
The cyber crooks claim to have hacked Tipalti in early September and remained undetected for months, allegedly taking with them more than 265 GB of the company’s sensitive data, including information on its employees and customers.
Online publication Cybernews reached out to Tipalti, Roblox and Twitch for comment, but did not immediately receive a response.
Tipalti’s website claims that the company provides accounts payable, procurement, and global payments automation software for businesses. In addition to Roblox and Twitch, Tipalti’s clients include X (formerly Twitter), GoDaddy, National Geographic, Business Insider, SkillShare, Canva and others.
In an unusually long blog post on the dark web, ALPHV said its targets would be Tipalti, Roblox and Twitch. Apparently, the gang’s strategy is to threaten Tipalti with the publication of its other customers’ data and use recognizable brands like Roblox and Twitch as examples.
“We remain committed to this exfiltration operation, so we plan to contact both of these companies as soon as the market opens on Monday, as we are confident we will have even more data by then,” the attackers said.
ALPHV separately threatened Roblox, a popular gaming platform and game creation system, saying it would “individually extort affected parties such as their creators” as the alleged hack of Tipalti exposed data on the creators’ tax records.
In early July 2022, an attacker hacked into the account of a Roblox Corporation employee and posted a cache of internal documents online. The hacker posted a 4 GB archive of internal documents on a forum for public viewing.
What is the ALPHV/BlackCat ransomware program?
The ALPHV/BlackCat ransomware program was first spotted in 2021. Like many others in the criminal underworld, the group is in the Ransomware-as-a-Service (RaaS) business, selling malware subscriptions to criminals.
According to Microsoft’s analysis, the attackers who created this program have worked with other well-known ransomware families such as Conti, LockBit and REvil.
The FBI believes the ALPHV/BlackCat money launderers are linked to the DarkSide and BlackMatter cartels, indicating that the group has a well-established network of operatives in the RaaS business.
The gang gained international notoriety earlier this year after working with Scattered Spider hackers to attack MGM Resorts International and Caesars Entertainment.
According to Ransomlooker, a ransomware monitoring tool from Cybernews, ALPHV has been one of the most active gangs over the past 12 months, victimizing more than 320 organizations worldwide.