PandaDoc announces second Series B extension worth $30M

PandaDoc, the startup that provides a fully digital sales document workflow from proposal to electronic signature to collecting payment, announced a $30 million Series B extension today, making it the second such extension the company has taken since taking its original $15 million Series B in 2017. The total for the three B investments is $50 million.

Company co-founder and CEO Mikita Mikado says that he took this approach — taking the original money in 2017, then $5 million last year along with the money announced today — because it made more sense financially for the company than taking a huge chunk of money all at once.

“Basically when we do little chunks of cash frequently, [we found that] you dilute yourself less,” Mikado told TechCrunch. He said that they’ve grown comfortable with this approach because the business became more predictable once it passed 10,000 customers. In fact today it has 20,000.

“With a high-velocity in-bound sales model, you can predict what’s going to happen next month or [say] six months out. So you kind of have this luxury of raising as much money as you need when you need it, minimizing dilution just like public companies do,” he said.

While he wouldn’t discuss specifics in terms of valuations, he did say that the B1 had 2x the valuation of the original B round and the B2 had double the valuation of the B1.

For this round, One Peak led the investment, with participation from Microsoft’s Venture Fund (M12), Savano Capital Partners, Rembrandt Venture Partners and EBRD Venture Capital Investment Programme.

Part of the company’s growth strategy is using their eSignature tool to move people to the platform. They made that tool free in March just as the pandemic was hitting hard in the U.S., and it has proven to be what Mikado called “a lead magnet” to get more people familiar with the company.

Once they do that he says, they start to look at the broader set of tools and they can become paying customers. “This launch helped us validate that businesses need a broader workflow solution. Businesses used to think of the eSignature as the Holy Grail in getting a deal done. Now they are realizing that eSignature is just a moment in time. The full value is what happens before, during and after the eSignature in order to get deals done,” Mikado said.

The company currently has 334 employees with plans to hit 380 by year’s end and is aiming for 470 by next year. With the office in San Francisco, Belarus and Manila, it has geographic diversity built in, but Mikado says it’s something they are still working at and includes anti-bias programs and training and leadership programs to give more people a chance to be hired or promoted into management.

When it came to shutting down offices and working from home, Mikado admits it was a challenge, especially as some of the geographies they operate in might not have access to a good internet connection at home or face other challenges, but overall he says it has worked out in terms of maintaining productivity across the company. And he points out being geographically diverse, they have had to deal with online communications for some time.

Datafold is solving the chaos of data engineering

It seemed so simple. A small schema issue in a database was wrecking a feature in the app, increasing latency and degrading the user experience. The resident data engineer pops in a fix to amend the schema, and everything seems fine — for now. Unbeknownst to them, that small fix completely clobbered all the dashboards used by the company’s leadership. Finance is down, ops is pissed, and the CEO — well, they don’t even know whether the company is online.

For data engineers, it’s not just a recurring nightmare — it’s a day-to-day reality. A decade plus into that whole “data is the new oil” claptrap, and we’re still managing data piecemeal and without proper systems and controls. Data lakes have become data oceans and data warehouses have become … well, whatever the massive version of a warehouse is called (a waremansion I guess). Data engineers bridge the gap between the messy world of real life and the precise nature of code, and they need much better tools to do their jobs.

As TechCrunch’s unofficial data engineer, I’ve personally struggled with many of these same problems. And so that’s what drew me into Datafold.

Datafold is a brand-new platform for managing the quality assurance of data. Much in the way that a software platform has QA and continuous integration tools to ensure that code functions as expected, Datafold integrates across data sources to ensure that changes in the schema of one table doesn’t knock out functionality somewhere else.

Founder Gleb Mezhanskiy knows these problems firsthand. He’s informed from his time at Lyft, where he was a data scientist and data engineer, and later transformed into a product manager “focused on the productivity of data professionals.” The idea was that as Lyft expanded, it needed much better pipelines and tooling around its data to remain competitive with Uber and others in its space.

His lessons from Lyft inform Datafold’s current focus. Mezhanskiy explained that the platform sits in the connections between all data sources and their outlets. There are two challenges to solve here. First, “data is changing, every day you get new data, and the shape of it can be very different either for business reasons or because your data sources can be broken.” And second, “the old code that is used by companies to transform this data is also changing very rapidly because companies are building new products, they are refactoring their features … a lot of errors can happen.”

In equation form: messy reality + chaos in data engineering = unhappy data end users.

With Datafold, changes made by data engineers in their extractions and transformations can be compared for unintentional changes. For instance, maybe a function that formerly returned an integer now returns a text string, an accidental mistake introduced by the engineer. Rather than wait until BI tools flop and a bunch of alerts come in from managers, Datafold will indicate that there is likely some sort of problem, and identify what happened.

The key efficiency here is that Datafold aggregates changes in datasets — even datasets with billions of entries — into summaries so that data engineers can understand even subtle flaws. The goal is that even if an error transpires in 0.1% of cases, Datafold will be able to identify that issue and also bring a summary of it to the data engineer for response.

Datafold is entering a market that is, quite frankly, as chaotic as the data being processed. It sits in the key middle layer of the data stack — it’s not the data lake or data warehouse for storing data, and it isn’t the end user BI tools like a Looker, Tableau or many others. Instead, it’s part of a number of tools available for data engineers to manage and monitor their data flows to ensure consistency and quality.

The startup is targeting companies with at least 20 people on their data team — that’s the sweet spot where a data team has enough scale and resources that they are going to be concerned with data quality.

Today Datafold is three people, and will be debuting officially at YC’s Demo Day later this month. Its ultimate dream is a world where data engineers never again have to get an overnight page to fix a data quality issue. If you’ve been there, you know precisely why such a product is valuable.

WordPress.com launches new P2 to take on internal communication tools

WordPress.com, a division of Automattic, is launching a new product called P2. And this time, it’s all about improving internal communications for private groups. As a remote company, Automattic has been using P2 internally for years to communicate asynchronously. It’s a place to share long-form posts, a repository to keep onboarding documents and other important evergreen documents.

P2 is built on top of WordPress . You can view it as a sort of WordPress for teams that is heavily customized around the concept of sharing ideas with other team members. Companies now rely on multiple internal communication tools. P2 can replace some of them but doesn’t want to reinvent the wheel altogether.

For instance, P2 isn’t a Slack competitor. You can’t use it for real-time chat. But P2 can be used to share important announcements — the kind of announcements that you can find on an intranet portal.

Image Credits: WordPress.com

You can also use it for long-term projects and create your own P2 for your team in particular. In that case, P2 competes more directly with Workplace by Facebook or Yammer. In order to make it more useful for asynchronous communications, P2 has some features that make it more useful than a simple WordPress blog.

For instance, you can @-mention your co-workers to send them a notification and follow posts to receive updates. You can also create checklists, embed PDF documents, stick important posts at the top of the homepage and stay on top of what happened while you were gone. There are dedicated menus to view new posts, new comments and mentions you’ve received.

While you can theoretically access the classic WordPress back-end, you can write new posts, edit existing posts and write comments without ever leaving P2. The company uses the new block editor that lets you add headings, lists, video embeds and media in a visual way. It works a bit like Squarespace’s editor or Notion, and it makes a ton of sense to leverage the new editor right next to content you’re viewing, commenting on, etc.

For content that always remains relevant, you can create documents, which are pages without a specific publishing date and without comments. These documents are sorted in their own category and can be easily shared across a company. You can use documents for internal policies, guides or important contact information. Many companies rely on Google Docs and shared folders in Google Drive for this kind of document. P2 could potentially replace those shared folders and become the main information repository.

By default, P2 sites are private, but you can make them public in case you want to share updates on your product with clients or use P2 for public events.

If you’re familiar with the WordPress ecosystem, you might already know a WordPress theme called P2. The new P2 announced today is a new product that takes that idea to the next level. Automattic has been iterating on the concept and using it widely with its 1,300 employees across 912 internal P2 sites.

WordPress.com is going to offer hosted P2 instances. Anybody can create a P2 for free and invite other people. Eventually, WordPress.com plans to offer paid subscriptions for advanced features. In other words, P2 is going to be a software-as-a-service product. But there will be a self-hostable, open-source version in the future as well.

I played around with a few P2 instances, and the overall impression is that the complexity of WordPress remains hidden by default, which is a good thing. It’s a clean and focused product that would work particularly well in that spot between company-wide emails and announcements getting lost in Slack.

Image Credits: WordPress.com

Crossbeam announces $25M Series B to keep growing partnerships platform

As sales teams partner with other companies, they go through a process called account mapping to find common customers and prospects. This is usually a highly manual activity tracked in spreadsheets. Crossbeam, a Philadelphia startup, has come up with a way to automate partnership data integration. Today the company announced a $25 million Series B investment.

Redpoint Ventures led the round with help from existing investors FirstMark Capital, Salesforce Ventures, Slack Fund and Uncork Capital, along with new investors Okta Ventures and Partnership Leaders, a partnership industry association. All in all, an interesting mix of traditional VCs and strategic investors that Crossbeam could potentially partner with as they grow the business.

The funding comes on the heels of a $3.5 million seed round in 2018 and a $12.5 million Series A a year ago. The startup has now raised a total of $41 million.

Crossbeam has been growing steadily, and that attracted the attention of investors, whom CEO and co-founder Bob Moore says approached him. He was actually not thinking about fundraising until next year, but when the opportunity presented itself, he decided to seize it.

The platform has a natural networking effect built into it with over 900 companies using it so far. As new companies come on, they invite partners, who can join and invite more partners, and that creates a constant sales motion for them without much effort at all.

“We didn’t go out fundraising. We caught the eye of Redpoint because they could see the virality of the product and the extent to which it was being used by many of their portfolio companies and companies out in the market […],” Moore told TechCrunch.

Image Credits: Crossbeam

To accelerate interest in the product, the company also announced a new free tier, which replaces the limited free trial and a starter level that previously cost $500 per month. Prior to this move, if you didn’t move to the starter tier, you would lose your data when the trial was over.

“The idea here is what we’ve seen in the data is that we can create a whole lot of value for people and demonstrate really strong ROI once they get in the door and actually have access to that data, and they don’t have to worry about a free trial where the data is going away,” Moore explained.

Moore says they currently have 28 employees and have ambitious plans to add new people to the mix in the coming months, expecting to reach 50 employees by early 2021. As the company revs up on the personnel side, Moore says diversity is front and center of their plans.

“As far as Crossbeam specifically goes, we’ve made sure that diversity, equity and inclusion is part of our entire recruiting process and also the cultural experience that we create for people that are at the company,” he said. Although he didn’t discuss specific numbers, he said the company was making progress, particularly in the latest round of hires.

While the company has an office in Philly, even before COVID hit, it was a remote first organization with about half of the employees working from home. “I think a lot of our culture was kind of built to make sure that remote team members are first-class citizens in every respect in the company. So we already had all the controls, technology and practices in place, and when we shut the office, it was about as smooth as could be,” he said.

Mode raises $33M to supercharge its analytics platform for data scientists

Data science is the name of the game these days for companies that want to improve their decision making by tapping the information they are already amassing in their apps and other systems. And today, a startup called Mode Analytics, which has built a platform incorporating machine learning, business intelligence and big data analytics to help data scientists fulfill that task, is announcing $33 million in funding to continue making its platform ever more sophisticated.

Most recently, for example, the company has started to introduce tools (including SQL and Python tutorials) for less technical users, specifically those in product teams, so that they can structure queries that data scientists can subsequently execute faster and with more complete responses — important for the many follow-up questions that arise when a business intelligence process has been run. Mode claims that its tools can help produce answers to data queries in minutes.

This Series D is being led by SaaS specialist investor H.I.G. Growth Partners, with previous investors Valor Equity Partners, Foundation Capital, REV Venture Partners and Switch Ventures all participating. Valor led Mode’s Series C in February 2019, while Foundation and REV respectively led its A and B rounds.

Mode is not disclosing its valuation, but co-founder and CEO Derek Steer confirmed in an interview that it was “absolutely” an up-round.

For some context, PitchBook notes that last year its valuation was $106 million. The company now has a customer list that it says covers 52% of the Forbes 500, including Anheuser-Busch, Zillow, Lyft, Bloomberg, Capital One, VMware and Conde Nast. It says that to date it has processed 830 million query runs and 170 million notebook cell runs for 300,000 users. (Pricing is based on a freemium model, with a free “Studio” tier and Business and Enterprise tiers priced based on size and use.)

Mode has been around since 2013, when it was co-founded by Steer, Benn Stancil (Mode’s current president) and Josh Ferguson (initially the CTO and now chief architect).

Steer said the impetus for the startup came out of gaps in the market that the three had found through years of experience at other companies.

Specifically, when all three were working together at Yammer (they were early employees and stayed on after the Microsoft acquisition), they were part of a larger team building custom data analytics tools for Yammer. At the time, Steer said Yammer was paying $1 million per year to subscribe to Vertica (acquired by HP in 2011) to run it.

They saw an opportunity to build a platform that could provide similar kinds of tools — encompassing things like SQL Editors, Notebooks and reporting tools and dashboards — to a wider set of users.

“We and other companies like Facebook and Google were building analytics internally,” Steer recalled, “and we knew that the world wanted to work more like these tech companies. That’s why we started Mode.”

All the same, he added, “people were not clear exactly about what a data scientist even was.”

Indeed, Mode’s growth so far has mirrored that of the rise of data science overall, as the discipline of data science, and the business case for employing data scientists to help figure out what is “going on” beyond the day to day, getting answers by tapping all the data that’s being amassed in the process of just doing business. That means Mode’s addressable market has also been growing.

But even if the trove of potential buyers of Mode’s products has been growing, so has the opportunity overall. There has been a big swing in data science and big data analytics in the last several years, with a number of tech companies building tools to help those who are less technical “become data scientists” by introducing more intuitive interfaces like drag-and-drop features and natural language queries.

They include the likes of Sisense (which has been growing its analytics power with acquisitions like Periscope Data), Eigen (focusing on specific verticals like financial and legal queries), Looker (acquired by Google) and Tableau (acquired by Salesforce).

Mode’s approach up to now has been closer to that of another competitor, Alteryx, focusing on building tools that are still aimed primarily at helping data scientists themselves. You have any number of database tools on the market today, Steer noted, “Snowflake, Redshift, BigQuery, Databricks, take your pick.” The key now is in providing tools to those using those databases to do their work faster and better.

That pitch and the success of how it executes on it is what has given the company success both with customers and investors.

“Mode goes beyond traditional Business Intelligence by making data faster, more flexible and more customized,” said Scott Hilleboe, managing director, H.I.G. Growth Partners, in a statement. “The Mode data platform speeds up answers to complex business problems and makes the process more collaborative, so that everyone can build on the work of data analysts. We believe the company’s innovations in data analytics uniquely position it to take the lead in the Decision Science marketplace.”

Steer said that fundraising was planned long before the coronavirus outbreak to start in February, which meant that it was timed as badly as it could have been. Mode still raised what it wanted to in a couple of months — “a good raise by any standard,” he noted — even if it’s likely that the valuation suffered a bit in the process. “Pitching while the stock market is tanking was terrifying and not something I would repeat,” he added.

Given how many acquisitions there have been in this space, Steer confirmed that Mode too has been approached a number of times, but it’s staying put for now. (And no, he wouldn’t tell me who has been knocking, except to say that it’s large companies for whom analytics is an “adjacency” to bigger businesses, which is to say, the very large tech companies have approached Mode.)

“The reason we haven’t considered any acquisition offers is because there is just so much room,” Steer said. “I feel like this market is just getting started, and I would only consider an exit if I felt like we were handicapped by being on our own. But I think we have a lot more growing to do.”

Hacked Data Broker Accounts Fueled Phony COVID Loans, Unemployment Claims

A group of thieves thought to be responsible for collecting millions in fraudulent small business loans and unemployment insurance benefits from COVID-19 economic relief efforts gathered personal data on people and businesses they were impersonating by leveraging several compromised accounts at a little-known U.S. consumer data broker, KrebsOnSecurity has learned.

In June, KrebsOnSecurity was contacted by a cybersecurity researcher who discovered that a group of scammers was sharing highly detailed personal and financial records on Americans via a free web-based email service that allows anyone who knows an account’s username to view all email sent to that account — without the need of a password.

The source, who asked not to be identified in this story, said he’s been monitoring the group’s communications for several weeks and sharing the information with state and federal authorities in a bid to disrupt their fraudulent activity.

The source said the group appears to consist of several hundred individuals who collectively have stolen tens of millions of dollars from U.S. state and federal treasuries via phony loan applications with the U.S. Small Business Administration (SBA) and through fraudulent unemployment insurance claims made against several states.

KrebsOnSecurity reviewed dozens of emails the fraud group exchanged, and noticed that a great many consumer records they shared carried a notation indicating they were cut and pasted from the output of queries made at Interactive Data LLC, a Florida-based data analytics company.

Interactive Data, also known as IDIdata.com, markets access to a “massive data repository” on U.S. consumers to a range of clients, including law enforcement officials, debt recovery professionals, and anti-fraud and compliance personnel at a variety of organizations.

The consumer dossiers obtained from IDI and shared by the fraudsters include a staggering amount of sensitive data, including:

-full Social Security number and date of birth;
-current and all known previous physical addresses;
-all known current and past mobile and home phone numbers;
-the names of any relatives and known associates;
-all known associated email addresses
-IP addresses and dates tied to the consumer’s online activities;
-vehicle registration, and property ownership information
-available lines of credit and amounts, and dates they were opened
-bankruptcies, liens, judgments, foreclosures and business affiliations

Reached via phone, IDI Holdings CEO Derek Dubner acknowledged that a review of the consumer records sampled from the fraud group’s shared communications indicates “a handful” of authorized IDI customer accounts had been compromised.

“We identified a handful of legitimate businesses who are customers that may have experienced a breach,” Dubner said.

Dubner said all customers are required to use multi-factor authentication, and that everyone applying for access to its services undergoes a rigorous vetting process.

“We absolutely credential businesses and have several ways do that and exceed the gold standard, which is following some of the credit bureau guidelines,” he said. “We validate the identity of those applying [for access], check with the applicant’s state licensor and individual licenses.”

Citing an ongoing law enforcement investigation into the matter, Dubner declined to say if the company knew for how long the handful of customer accounts were compromised, or how many consumer records were looked up via those stolen accounts.

“We are communicating with law enforcement about it,” he said. “There isn’t much more I can share because we don’t want to impede the investigation.”

The source told KrebsOnSecurity he’s identified more than 2,000 people whose SSNs, DoBs and other data were used by the fraud gang to file for unemployment insurance benefits and SBA loans, and that a single payday can land the thieves $20,000 or more. In addition, he said, it seems clear that the fraudsters are recycling stolen identities to file phony unemployment insurance claims in multiple states.

ANALYSIS

Hacked or ill-gotten accounts at consumer data brokers have fueled ID theft and identity theft services of various sorts for years. In 2013, KrebsOnSecurity broke the news that the U.S. Secret Service had arrested a 24-year-old man named Hieu Minh Ngo for running an identity theft service out of his home in Vietnam.

Ngo’s service, variously named superget[.]info and findget[.]me, gave customers access to personal and financial data on more than 200 million Americans. He gained that access by posing as a private investigator to a data broker subsidiary acquired by Experian, one of the three major credit bureaus in the United States.

Ngo’s ID theft service superget.info

Experian was hauled before Congress to account for the lapse, and assured lawmakers there was no evidence that consumers had been harmed by Ngo’s access. But as follow-up reporting showed, Ngo’s service was frequented by ID thieves who specialized in filing fraudulent tax refund requests with the Internal Revenue Service, and was relied upon heavily by an identity theft ring operating in the New York-New Jersey region.

Also in 2013, KrebsOnSecurity broke the news that ssndob[.]ms, then a major identity theft service in the cybercrime underground, had infiltrated computers at some of America’s large consumer and business data aggregators, including LexisNexis Inc., Dun & Bradstreet, and Kroll Background America Inc.

The now defunct SSNDOB identity theft service.

In 2006, The Washington Post reported that a group of five men used stolen or illegally created accounts at LexisNexis subsidiaries to lookup SSNs and other personal information more than 310,000 individuals. And in 2004, it emerged that identity thieves masquerading as customers of data broker Choicepoint had stolen the personal and financial records of more than 145,000 Americans.

Those compromises were noteworthy because the consumer information warehoused by these data brokers can be used to find the answers to so-called knowledge-based authentication (KBA) questions used by companies seeking to validate the financial history of people applying for new lines of credit.

In that sense, thieves involved in ID theft may be better off targeting data brokers like IDI and their customers than the major credit bureaus, said Nicholas Weaver, a researcher at the International Computer Science Institute and lecturer at UC Berkeley.

“This means you have access not only to the consumer’s SSN and other static information, but everything you need for knowledge-based authentication because these are the types of companies that are providing KBA data.”

The fraud group communications reviewed by this author suggest they are cashing out primarily through financial instruments like prepaid cards and a small number of online-only banks that allow consumers to establish accounts and move money just by providing a name and associated date of birth and SSN.

While most of these instruments place daily or monthly limits on the amount of money users can deposit into and withdraw from the accounts, some of the more popular instruments for ID thieves appear to be those that allow spending, sending or withdrawal of between $5,000 to $7,000 per transaction, with high limits on the overall number or dollar value of transactions allowed in a given time period.

KrebsOnSecurity is investigating the extent to which a small number of these financial instruments may be massively over-represented in the incidence of unemployment insurance benefit fraud at the state level, and in SBA loan fraud at the federal level. Anyone in the financial sector or state agencies with information about these apparent trends may confidentially contact this author at krebsonsecurity @ gmail dot com, or via the encrypted message service Wickr at “krebswickr“.

The looting of state unemployment insurance programs by identity thieves has been well documented of late, but far less public attention has centered on fraud targeting Economic Injury Disaster Loan (EIDL) and advance grant programs run by the U.S. Small Business Administration in response to the COVID-19 crisis.

Late last month, the SBA Office of Inspector General (OIG) released a scathing report (PDF) saying it has been inundated with complaints from financial institutions reporting suspected fraudulent EIDL transactions, and that it has so far identified $250 million in loans given to “potentially ineligible recipients.” The OIG said many of the complaints were about credit inquiries for individuals who had never applied for an economic injury loan or grant.

The figures released by the SBA OIG suggest the financial impact of the fraud may be severely under-reported at the moment. For example, the OIG said nearly 3,800 of the 5,000 complaints it received came from just six financial institutions (out of several thousand across the United States). One credit union reportedly told the U.S. Justice Department that 59 out of 60 SBA deposits it received appeared to be fraudulent.

Microsoft launches Open Service Mesh

Microsoft today announced the launch of a new open-source service mesh based on the Envoy proxy. The Open Service Mesh is meant to be a reference implementation of the Service Mesh Interface (SMI) spec, a standard interface for service meshes on Kubernetes that has the backing of most of the players in this ecosystem.

The company plans to donate Open Service Mesh to the Cloud Native Computing Foundation (CNCF) to ensure that it is community-led and has open governance.

“SMI is really resonating with folks and so we really thought that there was room in the ecosystem for a reference implementation of SMI where the mesh technology was first and foremost implementing those SMI APIs and making it the best possible SMI experience for customers,” Microsoft director of partner management for Azure Compute (and CNCF board member) Gabe Monroy told me.

Image Credits: Microsoft

He also added that, because SMI provides the lowest common denominator API design, Open Service Mesh gives users the ability to “bail out” to raw Envoy if they need some more advanced features. This “no cliffs” design, Monroy noted, is core to the philosophy behind Open Service Mesh.

As for its feature set, SMI handles all of the standard service mesh features you’d expect, including securing communications between services using mTLS, managing access control policies, service monitoring and more.

Image Credits: Microsoft

There are plenty of other service mesh technologies in the market today, though. So why would Microsoft launch this?

“What our customers have been telling us is that solutions that are out there today, Istio being a good example, are extremely complex,” he said. “It’s not just me saying this. We see the data in the AKS support queue of customers who are trying to use this stuff — and they’re struggling right here. This is just hard technology to use, hard technology to build at scale. And so the solutions that were out there all had something that wasn’t quite right and we really felt like something lighter weight and something with more of an SMI focus was what was going to hit the sweet spot for the customers that are dabbling in this technology today.”

Monroy also noted that Open Service Mesh can sit alongside other solutions like Linkerd, for example.

A lot of pundits expected Google to also donate its Istio service mesh to the CNCF. That move didn’t materialize. “It’s funny. A lot of people are very focused on the governance aspect of this,” he said. “I think when people over-focus on that, you lose sight of how are customers doing with this technology. And the truth is that customers are not having a great time with Istio in the wild today. I think even folks who are deep in that community will acknowledge that and that’s really the reason why we’re not interested in contributing to that ecosystem at the moment.”

Porn Clip Disrupts Virtual Court Hearing for Alleged Twitter Hacker

Perhaps fittingly, a Web-streamed court hearing for the 17-year-old alleged mastermind of the July 15 mass hack against Twitter was cut short this morning after mischief makers injected a pornographic video clip into the proceeding.

17-year-old Graham Clark of Tampa, Fla. was among those charged in the July 15 Twitter hack. Image: Hillsborough County Sheriff’s Office.

The incident occurred at a bond hearing held via the videoconferencing service Zoom by the Hillsborough County, Fla. criminal court in the case of Graham Clark. The 17-year-old from Tampa was arrested earlier this month on suspicion of social engineering his way into Twitter’s internal computer systems and tweeting out a bitcoin scam through the accounts of high-profile Twitter users.

Notice of the hearing was available via public records filed with the Florida state attorney’s office. The notice specified the Zoom meeting time and ID number, essentially allowing anyone to participate in the proceeding.

Even before the hearing officially began it was clear that the event would likely be “zoom bombed.” That’s because while participants were muted by default, they were free to unmute their microphones and transmit their own video streams to the channel.

Sure enough, less than a minute had passed before one attendee not party to the case interrupted a discussion between Clark’s attorney and the judge by streaming a live video of himself adjusting his face mask. Just a few minutes later, someone began interjecting loud music.

It became clear that presiding Judge Christopher C. Nash was personally in charge of administering the video hearing when, after roughly 15 seconds worth of random chatter interrupted the prosecution’s response, Nash told participants he was removing the troublemakers as quickly as he could.

Judge Nash, visibly annoyed immediately after one of the many disruptions to today’s hearing.

What transpired a minute later was almost inevitable given the permissive settings of this particular Zoom conference call: Someone streamed a graphic video clip from Pornhub for approximately 15 seconds before Judge Nash abruptly terminated the broadcast.

With the ongoing pestilence that is the COVID-19 pandemic, the nation’s state and federal courts have largely been forced to conduct proceedings remotely via videoconferencing services. While Zoom and others do offer settings that can prevent participants from injecting their own audio and video into the stream unless invited to do so, those settings evidently were not enabled in today’s meeting.

At issue before the court today was a defense motion to modify the amount of the defendant’s bond, which has been set at $750,000. The prosecution had argued that Clark should be required to show that any funds used toward securing that bond were gained lawfully, and were not merely the proceeds from his alleged participation in the Twitter bitcoin scam or some other form of cybercrime.

Florida State Attorney Andrew Warren’s reaction as a Pornhub clip began streaming to everyone in today’s Zoom proceeding.

Mr. Clark’s attorneys disagreed, and spent most of the uninterrupted time in today’s hearing explaining why their client could safely be released under a much smaller bond and close supervision restrictions.

On Sunday, The New York Times published an in-depth look into Clark’s wayward path from a small-time cheater and hustler in online games like Minecraft to big-boy schemes involving SIM swapping, a form of fraud that involves social engineering employees at mobile phone companies to gain control over a target’s phone number and any financial, email and social media accounts associated with that number.

According to The Times, Clark was suspected of being involved in a 2019 SIM swapping incident which led to the theft of 164 bitcoins from Gregg Bennett, a tech investor in the Seattle area. That theft would have been worth around $856,000 at the time; these days 164 bitcoins is worth approximately $1.8 million.

The Times said that soon after the theft, Bennett received an extortion note signed by Scrim, one of the hacker handles alleged to have been used by Clark. From that story:

“We just want the remainder of the funds in the Bittrex,” Scrim wrote, referring to the Bitcoin exchange from which the coins had been taken. “We are always one step ahead and this is your easiest option.”

In April, the Secret Service seized 100 Bitcoins from Mr. Clark, according to government forfeiture documents. A few weeks later, Mr. Bennett received a letter from the Secret Service saying they had recovered 100 of his Bitcoins, citing the same code that was assigned to the coins seized from Mr. Clark.

Florida prosecutor Darrell Dirks was in the middle of explaining to the judge that investigators are still in the process of discovering the extent of Clark’s alleged illegal hacking activities since the Secret Service returned the 100 bitcoin when the porn clip was injected into the Zoom conference.

Ultimately, Judge Nash decided to keep the bond amount as is, but to remove the condition that Clark prove the source of the funds.

Clark has been charged with 30 felony counts and is being tried as an adult. Federal prosecutors also have charged two other young men suspected of playing roles in the Twitter hack, including a 22-year-old from Orlando, Fla. and a 19-year-old from the United Kingdom.

Yotpo raises $75M for its e-commerce marketing cloud

“Marketing cloud” has become an increasingly popular concept in the world of marketing technology — used by the likes of Salesforce, Adobe, Oracle and others to describe their digital tool sets for organizations to identify and connect with customers. Now, a startup that is building its own take on the idea aimed specifically at e-commerce companies is announcing some funding after seeing a surge of business in the last few months.

Yotpo, which provides a suite of tool to help direct-to-consumer and other e-commerce players build better relationships with customers, is today announcing that it has raised $75 million in funding, money it will use to continue growing its suite of products, as well as to acquire more customers and build out more integration partnerships.

The Series E included a number of Yotpo’s existing investors, namely Bessemer Venture Partners, Access industries (the owner of Warner Music Group, among a number of other holdings) and Vertex Ventures (a subsidiary of Temasek), new investor Hanaco (which focuses on Israeli startups — Yotpo is co-headquartered in Tel Aviv and New York) and other unnamed investors.

It brings the total raised by the startup to $176 million, and while it’s not disclosing valuation, its CEO Tomer Tagrin — who co-founded the company with COO Omri Cohen — describes it as “nearly a unicorn.”

“I like to call what we’re building a flamingo, which is also a rare and beautiful animal but also a real thing, and we are a proper business,” he said in an interview, adding that Yotpo is on target for ARR next year to be $100 million.

The company had its start as an app in Shopify’s App Store, providing tools to Shopify customers to help with customer engagement by way of user-generated content, and while it has outgrown that single relationship — it now has some 500 additional strategic partners, including Salesforce, Adobe, BigCommerce and others — Yotpo’s CEO still likes to describe his company in Shopify-ish terms.

“Just as Shopify manages your business, we manage your customers end to end,” Tagrin said. He said that while it’s great to see the bigger trend of consolidation around marketing clouds, it’s not a one-size-fits-all problem. He believes Yotpo’s e-commerce-specific approach to that stands apart from the pack because it addresses issues unique to D2C and other e-commerce companies.

Yotpo’s services today include SMS and visual marketing, loyalty and referral services and reviews and ratings, which are used by a range of e-commerce companies, spanning from newer direct-to-consumer brands like Third Love and Away, to more established names like Patagonia and 1-800-Flowers. Some of these have been built in-house, and some by way of acquisition — most recently, SMSBump, in January. The plan is to use some of the funding to continue that acquisition strategy.

“Since our first investment more than three years ago, Tomer and Omri have executed flawlessly, expanding the product suite, serving a wider range of customers, and continually hiring strong talent across the organization,” says Adam Fisher, a partner at BVP, in a statement. “Yotpo is singularly focused on helping direct-to-consumer eCommerce brands solve the dual challenge of engaging consumers and increasing revenue, and with their multi-product strategy and innovative edge, they are uniquely positioned to dominate the eCommerce industry for years to come.”

Yotpo is built as a freemium platform, with some 9,000 customers paying for services, and a further 280,000 customers on its free-usage tier. Customer count grew by 250% in the last year, Tagrin said.

The COVID-19 pandemic has had a well-documented impact on internet use, and specifically e-commerce, as people turned to digital channels in record numbers to procure things while complying with shelter-in-place orders, or trying to increase social distancing to slow down the spread of the coronavirus.

E-commerce has been on the rise for years, but the acceleration of that trend has been drastic since February, with revenue and spend both regularly exceeding baseline figures over the last several months, according to research from digital marketing agency Common Thread Collective.

That, in turn, had a big impact on companies that help enable those e-commerce enterprises operate in more direct and personable ways. Yotpo was a direct beneficiary: It said it had a surge of sign-ups of new customers, many taking paid services, working out to a 170% year-on-year ARR and lower customer churn.

The bigger picture, of course, is not completely rosy, with thousands of layoffs across the whole tech service, and a huge number of brick-and-mortar business closures. Those economic indicators could ultimately also have a knock-on effect not just in more business moving online, but also a slowdown in spending overall.

That will inevitably have an impact on startups like Yotpo, too, which is definitely on a rise now but will continue to think longer term about the impact and how it can continue to diversify its products to meet a wider set of customer use cases.

For example, today, the company addresses customer care needs by way of integrations with companies like Zendesk, but longer term it might consider how it can bring in services like this to continue to build out the touchpoints between D2C brands and their customers, and specifically running those through a bigger picture of the customer as profiled on Yotpo’s platform.

This is a big part of our product in our meetings and debates,” Tagrin said about product expansions.

“I do think any celebration of growth and funding comes to me with something else: we need to be internalising more what is going on,” he said. “The world is not back to normal and we shouldn’t act like it is.”

Intercom hires a CFO as it ramps toward an IPO

Today Intercom announced that it has hired a chief financial officer (CFO) as it ramps toward an IPO. The unicorn also promoted its COO to the CEO role earlier this year.

The company’s recent CEO, Karen Peacock, told TechCrunch that her new CFO Dan Griggs was a strong candidate thanks to his experience helping take Rocket Fuel public, and for helping execute a “whole business transformation” at Sitecore, where he worked immediately before coming to Intercom.

Intercom is a software startup that sells customer-chat software that works with support and marketing teams. Different tiers of its service allow for automated “conversational” campaigns, and custom bots. The company has raised a hair over $240 million, according to PitchBook data.

Griggs told TechCrunch that he was not in the market for a new role, but conversations with Peacock drew him in.

Peacock took over the CEO role after around three years as the company’s COO, during which time it became known that the preceding CEO had made “unwanted advances” on employees. Intercom also underwent layoffs before Peacock took over the helm. According to reporting, the firm cut around 6% of its staff in May, a time when many tech companies were trimming personnel due to market uncertainties surrounding COVID-19 and its economic disruptions. (Update: Following publication, Intercom stressed that co-founder Eoghan McCabe earned support from its board after an investigation into the allegations in 2019. During a call, the company also emphasized that an external party had executed the investigation.)

Now Intercom has a refreshed C-suite, and is at IPO scale.

According to TechCrunch reporting at the time Peacock took over as CEO, Intercom had around $150 million in annual recurring revenue (ARR). The company clarified to TechCrunch that the ARR milestone was reached at the end of its last fiscal year, or the conclusion of January of 2020.

Dan Griggs, via the company.

Intercom, Griggs said, is near profitability and is growing in the “strong” double digits. We read that as meaning between 50% and 99% growth, implying the company could close its current fiscal year (January 2021) with $225 million to $298.5 million in ARR, with a bias — thanks to the laws of large numbers — toward the smaller figure.

With a CFO with IPO experience on hand, a new CEO, a material revenue base and good growth, when is the IPO? Not soon, sadly. The CFO said his company doesn’t need to raise new capital, and that it has enough liquidity today to invest. That’s financial-speak for “no rush.”

The CEO is on the same page, saying during the same call that Intercom is not in a hurry to go public, and wants to build out some internal infrastructure before executing the transaction. There won’t be an IPO for at least 12 months, she estimated.1 (Update: Intercom reached out after publication to clarify that the timeline discussed in our call was imprecise. The IPO is at least two years away.)

Intercom hit some market chop in 2020 and had to spend parts of the last year or so cleaning up internal issues. Now, in theory, it has sorted house, and is operating in a market that has greatly rewarded software startups in recent quarters, especially those helping other companies operate digitally.

Let’s see how fast Intercom can grow. We’ll get the full retrospective with its eventual S-1.

  1. Alas.