Payment software company AvidXchange suffers second ransomware attack in 2023

Payment software giant AvidXchange, which provides cloud-based software helping organizations automate invoice processing and payment management processes, suffered a second ransomware attack in 2023.

In a message posted on its dark web leak site, a ransomware group called RansomHouse claimed responsibility for the cyberattack. It published a trove of sensitive data stolen from this North Carolina-based company.

The sample data includes non-disclosure agreements, employee payroll information, and corporate bank account numbers. The data also includes login information, such as usernames, passwords, and answers to security questions for a variety of the company’s systems, ranging from cloud accounts and security software to smart door locks and surveillance cameras.

According to the leaked login information, AvidXchange employs easily guessable passwords derived from the company’s name and the word "password" itself. According to the document, many of the logins are still in use.

AvidXchange stated on its website that the incident "affected some of our systems and data." The company stated that its investigation is ongoing, but it did confirm that in early April, "some data from these systems was exfiltrated." Olivia Sorrells, the company’s spokesperson, refused to say whether the company received or paid a ransom demand from RansomHouse.

It’s unclear how AvidXchange was hacked, how many customers and employees were affected by the breach, and whether AvidXchange has the ability to determine what data was stolen from its systems.