Roblox, Twitch allegedly targeted by ransomware cartel

Roblox and Twitch data allegedly got into the hands of the notorious ALPHV/BlackCat ransomware cartel after attackers supposedly breached an accounting software provider, Tipalti.

ALPHV ransomware posted Tipalti, a Canada-based accounting software fintech, on its dark web blog, which the gang uses to showcase its latest victims. Somewhat unusually, ALPHV immediately resorted to extorting the victim’s clients. The move is likely meant to encourage ransom negotiation.

Cybercrooks claim they breached Tipalti in early September and managed to remain undetected for months, allegedly exfiltrating over 265 GB of sensitive company data, including information on its employees and customers.

We reached out to Tipalti, Roblox and Twitch for comment but did not immediately receive a reply.

Post on ransomware gang’s dark web blog. Image by Cybernews.

Tipalti’s website claims the company provides accounts payable, procurement, and global payments automation software for businesses. Besides Roblox and Twitch, Tipalti lists X (formerly Twitter), GoDaddy, National Geographic, Business Insider, SkillShare, Canva, and others among its clients.

In an unusually long post on its dark web blog, ALPHV insisted it would target Tipalti, Roblox, and Twitch. The gang’s strategy appears to be to threaten Tipalti with publishing the data of its other customers, using recognizable brands such as Roblox and Twitch as examples.

“We remain committed to this exfiltration operation, so we plan to reach out to both these companies once the market opens on Monday as we believe we will have an even greater amount of data by then,” attackers said.

ALPHV threatened Roblox, the popular game platform and game creation system, separately, claiming it will “individually extort affected parties such as their creators,” as the supposed Tipalti breach revealed data on creator tax documents.

In early July 2022, a threat actor breached an employee account of Roblox Corporation and posted a cache of internal documents online. The hacker has already released a 4GB archive of internal documents in the forum post for public viewing.

Who is ALPHV/BlackCat ransomware?

ALPHV/BlackCat ransomware was first observed in 2021….