Tipalti Says No Evidence of Breach After ALPHV Claims Stealing 256GB Data
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
Tipalti says it has found no evidence of a data breach after the notorious ransomware gang ALPHV (Aka BlackCat) claimed to have hacked the accounting software provider’s network.
On 3 December, ALPHV claimed in a post on its leak website to have been inside Tipalti’s network since 8 September. The gang stated that by staying undetected in “multiple Tipalti systems”, it had managed to exfiltrate 256GB of confidential business data, including Twitch and Roblox information. In the same post, it announced plans to extort these two companies separately.
“We remain committed to this exfiltration operation, so we plan to reach out to both these companies once the market opens on Monday as we believe we will have an even greater amount of data by then,” the post read.
In response, Tipalti engaged third-party forensic experts and launched an investigation; however, to date, no evidence has been found to support the claims.
“Protecting your data and the security of our systems is of utmost importance to us and we are taking this matter very seriously,” a company notification to customers shared by Zach Bussey on X read. “Our team is thoroughly investigating these claims, and, at the moment, we have found no evidence of a breach or data leak.”
It also reassured customers that it would continue to investigate and monitor the situation and share updates.
The California-based accounting and payment automation software company processes more than $50 billion in payments annually and serves over 2,500 customers worldwide. Besides Roblox and Twitch, some of its prominent clients include GoDaddy, Roku, X, ZipRecruiter, Canva, and others.
Following Tipalti’s response, ALPHV relisted the company on its leak site, warning that it was contacting Tipalti’s clients with individual ransom demands. While the names of all affected customers were not revealed, the gang is believed to be targeting Roblox, the popular online gaming platform.
“In the case of Roblox, we plan to individually extort affected parties, such as their creators, for whom we have significant confidential information, including tax documents,” the post revealed.
Malicious SpyLoan Applications on Google Play Extort Users
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
Since the beginning of 2023, security researchers have identified several deceptive loan apps on the Google Play Store. Posing as legitimate personal loan services, these apps promise users quick and easy access to funds. However, their true intent is to trick victims into signing up for high-interest loan payments and to collect personal and financial information that can be used to blackmail them.
Dubbed SpyLoan because of their inherent functionality, these applications have been downloaded more than 12 million times on Google Play. However, the actual count is estimated to be much higher, as they are also available on third-party app stores and fraudulent websites, according to ESET.
Marketed through social media websites and SMS messages, SpyLoan apps deceive victims into sharing various kinds of sensitive information, which is then exfiltrated to hacker-controlled C2 servers.
Stolen information includes call logs, device details, installed apps, calendar events, contact lists, location data, SMS messages, local Wi-Fi network details, and file information. According to ESET researchers, the purpose behind collecting this data and requesting various device permissions “is to spy on their users and harass and blackmail them and their contacts”.
ESET, a member of the App Defense Alliance and an active participant in mitigating malware on Google Play, discovered 18 SpyLoan apps. These were reported to Google, resulting in the removal of 17 of the reported apps.
The research further revealed that, irrespective of the download source, the risks and functionality of these apps were identical because they share similar underlying code. Furthermore, ESET’s telemetry revealed that these attacks were more prominent in Mexico, Indonesia, Thailand, Vietnam, India, Pakistan, Colombia, Peru, the Philippines, Egypt, Kenya, Nigeria, and Singapore.
According to ESET researcher Lukáš Štefanko, these apps are designed to take advantage of vulnerable people. Thus, it is essential that online users exercise caution and stay vigilant when using such financial applications.
ESET further advises people to download apps only from verified, official sources and to carefully scrutinize requested permissions, app reviews, and policies to prevent falling prey to such threats.