Rutter comes out of stealth with $1.5M in funding for its e-commerce API

Rutter, a remote-first company, is developing a unified e-commerce API that enables companies to connect with data across any platform.

On Friday the company announced it was emerging from stealth with $1.5 million in funding from a group of investors including Haystack, Liquid 2 and Basis Set Ventures.

Founders Eric Yu and Peter Zhou met in school and started working on Rutter, which Zhou called “Plaid for commerce,” in 2017 before going through the summer 2019 Y Combinator cohort.

They stumbled upon the e-commerce API idea while working in education technology last year. The pair were creating subscription kits and learning materials for parents concerned about how their children would be learning during the global pandemic. Then their vendor customers had problems listing their storefronts on Amazon, so they wrote scripts to help them, but found that they had to write separate scripts for each platform.

With Rutter, customers only need one script to connect anywhere. Its APIs connect to e-commerce platforms like Shopify, Walmart and Amazon so that tech customers can build functions like customer support and chatbots, Yu told TechCrunch.

Lan Xuezhao, founding and managing partner of Basis Set Ventures, said via email that she was “super excited” about Rutter first because of the founders’ passion, grit and speed of iteration to a product. She added it reminded her of another team that successfully built a business from zero to over $7 billion.

“After watching them (Rutter) for a few years, it’s clear what they built is powerful: it’s the central nervous system of online commerce,” Xuezhao added.

As the founders see it, there are two big explosions going on in e-commerce: the platform side with the adoption of headless commerce — the separating of front end and back end functions of an e-commerce site, and new companies coming in to support merchants.

The new funding will enable Yu and Zhou to build up their team, including hiring more engineers.

Due to the company officially launching at the beginning of the year, Yu did not disclose revenue metrics, but did say that Rutter’s API volume was doubling and tripling in the last few months. It is also supporting merchants that connect with over 5,000 stores.

Some of Rutter’s competitors are building one aspect of commerce, like returns, warranties and checkouts, but Yu said that since Shopify represents just 10% of e-commerce, the company’s goal is to take merchants beyond the marketplace by being “that unified app store for merchants to find products.”

“We think that in the future, the e-commerce stack of a merchant will look like the SaaS stack of a software company,” Zhou added. “We want to be the glue that holds that stack together for merchants.”

 

Greycroft leads $3.5M into Breef, an online marketplace for ad agencies

Breef raised $3.5 million in funding to continue developing what it boasts as “the world’s first online marketplace” for transactions between brands and agencies.

Greycroft led the round and was joined by Rackhouse Ventures, The House Fund, John and Helen McBain, Lance Armstrong and 640 Oxford Ventures. Including the new round, the New York and Colorado-based company has brought in total funding of $4.5 million since its inception in 2019 by husband-and-wife co-founders George Raptis and Emily Bibb.

Bibb’s background is in digital marketing and brand building at companies like PopSugar, VSCO and S’well, while Raptis was on the founding team at fintech company Credible.com.

Both said they experienced challenges in finding agencies, which traditionally involved asking for referrals and then making a bunch of calls. There were also times when their companies would be in high demand for talent, but didn’t necessarily need a full-time employee to achieve the goal or project milestone.

While the concept of outsourcing is not new, Breef’s differentiator is its ability to manage complex projects: a traditional individual freelance project is less than $1,000 and takes a week or less. Instead, the company is working with team-based projects that average $25,000 with a length of engagement of about six months, Raptis said.

Breef’s platform is democratizing how brands and boutique agencies connect with each other in the process of planning, scoping, pitching and paying for projects, Raptis told TechCrunch.

“At the core, we are taking the agency online,” Bibb added. “We are building a platform to streamline a complicated process for outsourcing high-value work and allow users to find, pay for and work with agencies in days rather than months.”

Brands can draft their own brief to articulate what they need, and Breef will connect them to a short list of agencies that match those requirements. Rather than a one- or two-month search, the company is able to bring that down to five days.

Bibb and Raptis decided to seek venture capital after experiencing demand — millions of dollars in projects are being created on the platform each month — and some tailwinds from the shift to remote work. They saw many brands that may have originally utilized in-house teams or agencies of record turn to distributed or smaller teams.

Due to the nature of agency work being expensive, Breef is processing large amounts of money over the internet, and the founders want to continue developing the technology and hiring talent so that it is a secure and trustworthy system.

It also launched its buy now, pay later project funding service, Breef(pay), to streamline payments to agencies and reduce cash flow challenges. Users can construct their own payment terms, mix up the way they are paid and utilize a credit line or defer payments to control external spend.

To date, Breef has more than 5,000 vetted boutique agencies in 20 countries on its platform and is able to save its users an average of 32% in product costs compared with a traditional agency model. It boasts a customer list that includes Spotify, Brex, Shutterstock, Bluestone Lane and Kinrgy.

Kevin Novak, founder of Rackhouse Ventures, said he met Raptis through the Australian tech community. He recently launched his first fund targeting startups in novel applications of data.

“When they were talking to me about what they wanted to do, I got intrigued,” Novak said. “I like finding marketplaces where the idea is well understood by the people involved. Looking at the matching problem, Emily and George have found a unique way to find ad agencies that hasn’t existed before.”

 

Wanted: Disgruntled Employees to Deploy Ransomware

Criminal hackers will try almost anything to get inside a profitable enterprise and secure a million-dollar payday from a ransomware infection. Apparently now that includes emailing employees directly and asking them to unleash the malware inside their employer’s network in exchange for a percentage of any ransom amount paid by the victim company.

Image: Abnormal Security.

Crane Hassold, director of threat intelligence at Abnormal Security, described what happened after he adopted a fake persona and responded to the proposal in the screenshot above. It offered to pay him 40 percent of a million-dollar ransom demand if he agreed to launch their malware inside his employer’s network.

This particular scammer was fairly chatty, and over the course of five days it emerged that Hassold’s correspondent was forced to change up his initial approach in planning to deploy the DemonWare ransomware strain, which is freely available on GitHub.

“According to this actor, he had originally intended to send his targets—all senior-level executives—phishing emails to compromise their accounts, but after that was unsuccessful, he pivoted to this ransomware pretext,” Hassold wrote.

Abnormal Security documented how it tied the email back to a young man in Nigeria who acknowledged he was trying to save up money to help fund a new social network he is building called Sociogram.

Image: Abnormal Security.

Reached via LinkedIn, Sociogram founder Oluwaseun Medayedupin asked to have his startup’s name removed from the story, although he did not respond to questions about whether there were an inaccuracies in Hassold’s report.

“Please don’t harm Sociogram’s reputation,” Medayedupin pleaded. “I beg you as a promising young man.”

This attacker’s approach may seem fairly amateur, but it would be a mistake to dismiss the threat from West African cybercriminals dabbling in ransomware. While multi-million dollar ransomware payments are hogging the headlines, by far the biggest financial losses tied to cybercrime each year stem from so-called Business Email Compromise (BEC) or CEO Scams, in which crooks mainly based in Africa and Southeast Asia will spoof communications from executives at the target firm in a bid to initiate unauthorized international wire transfers.

According to the latest figures (PDF) released by the FBI Internet Crime Complaint Center (IC3), the reported losses from BEC scams continue to dwarf other cybercrime loss categories, increasing to $1.86 billion in 2020.

Image: FBI

“Knowing the actor is Nigerian really brings the entire story full circle and provides some notable context to the tactics used in the initial email we identified,” Hassold wrote. “For decades, West African scammers, primarily located in Nigeria, have perfected the use of social engineering in cybercrime activity.”

“While the most common cyber attack we see from Nigerian actors (and most damaging attack globally) is business email compromise (BEC), it makes sense that a Nigerian actor would fall back on using similar social engineering techniques, even when attempting to successfully deploy a more technically sophisticated attack like ransomware,” Hassold concluded.

DON’T QUIT YOUR DAY JOB

Cybercriminals trolling for disgruntled employees is hardly a new development. Big companies have long been worried about the very real threat of disgruntled employees creating identities on darknet sites and then offering to trash their employer’s network for a fee (for more on that, see my 2016 story, Rise of the Darknet Stokes Fear of the Insider).

Indeed, perhaps this enterprising Nigerian scammer is just keeping up with current trends. Several established ransomware affiliate gangs that have recently rebranded under new banners seem to have done away with the affiliate model in favor of just buying illicit access to corporate networks.

For example, the Lockbit 2.0 ransomware-as-a-service gang actually includes a solicitation for insiders in the desktop wallpaper left behind on systems encrypted with the malware.

“Would you like to earn millions of dollars? Our company acquires access to networks of various companies, as well as insider information that can help you steal the most valuable data of any company,” LockBit’s unusual ad reads. “You can provide us accounting data for the access to any company, for example, login and password to RDP, VPN, corporate email, etc. Open our letter at your email. Launch the provided virus on any computer in your company. Companies pay us the foreclosure for the decryption of files and prevention of data leak.”

Image: Sophos.

Likewise, the newly formed BlackMatter ransomware gang kicked off its presence on the cybercrime forums with the unassuming thread, “Buying/monetizing your access to corporate networks.” The rest of the post reads:

We are looking for access to corporate networks in the following countries:
– the USA
– Canada
– Australia
– the UK

All lines of business except for:
– Healthcare
– Government entities.

Requirements:
– Revenue according to ZoomInfo: over 100 million.
– Number of hosts: 500 to 15,000.
– We do not accept networks that anybody else has already tried to work on.

Two options of cooperation:
– We buy networks: 3 to 100k.
– We monetize them (subject to negotiation on a case-by-case basis).

How we work:
You select an option of cooperation. -> You provide access to the network. -> We check it. -> We take it or not (depending on whether it meets the requirements).

B2B sales platform Accord adds $1M to seed round

Accord opened up its previously announced $6 million seed round to accept over $1 million from a group of CEOs and sales leads at companies they are working with to officially launch its business-to-business sales platform.

Brothers Ross and Ryan Rich co-founded the San Francisco-based company in 2019 with Wayne Pan to create a customer collaboration platform that, in the words of CEO Ross Rich, “makes the process of buying and selling suck less.”

The average sales deal can involve 14 people, just on the buyer side, which means teams do a lot of “herding cats” in order to drive consensus on sales, he said.

Instead, Accord’s application provides shared next steps and milestones for buying and selling teams to align on so that the right people are looped in at the right time.

“Our unique approach is helping management and sales, but also helping the buyer, which is how you build a relationship,” Ross Rich explained. “Before COVID, you could go onsite, but now you can’t do that. You also have to adjust to the buyer’s expectations, and with business-to-consumer, everything is ‘now and immediate.’ ”

The company’s target market is technology startups, but Ross Rich said Accord is now attracting interest from medical device companies and others where there is no software that bridges the gap between external parties.

Over the past six months, Accord doubled its team and was approached by multiple companies with acquisition offers. However, just a year-and-a-half into the company Rich said he is not entertaining those kinds of offers just yet.

“We have barely scratched the surface and would be selling ourselves short not having had a swing at it,” he added.

The company decided to focus on non-institutional investors when it raised this uncapped round, opting not to grow the board, Rich said.

Instead, it gathered a group of CEOs and sales leads from companies it works with — people who were getting it and seeing the value, including Mike Murchison, co-founder and CEO of Ada Support, who said via email that Ada’s B2B growth “exploded in part because of our focus on being a true partner — not simply a vendor — to our clients.” He added that Accord made it easy for Ada’s sales teams to offer a collaborative buying process.

Another investor, Stephanie Schatz, one of Accord’s advisors, said via email she got in on the round due to Ross Rich having “all the right ingredients for a successful founder,” and the product, which she said was taking into account how people want to buy.

“Ross has intelligence, drive, passion, vision and charisma, but on top of that, I have found that he has excellent instincts for leading a team and building a generational company,” she added. “Accord offers CEOs and sales leaders the opportunity to build a high-performing sales team from the very beginning that truly puts customers at the center.”

The new funding will go toward the general launch of the platform and adding to its team of 13. Rich expects a Series A round to quickly follow.

 

Would the math work if Databricks were valued at $38B?

Databricks, the open-source data lake and data management powerhouse has been on quite a financial run lately. Today Bloomberg reported the company could be raising a new round worth at least $1.5 billion at an otherworldly $38 billion valuation. That price tag is up $10 billion from its last fundraise in February when it snagged $1 billion at a $28 billion valuation.

Databricks declined to comment on the Bloomberg post and its possible new valuation.

The company has been growing like gangbusters, giving credence to the investor thesis that the more your startup makes, the more it is likely to make. Consider that Databricks closed 2020 with $425 million in annual recurring revenue, which in itself was up 75% from the previous year.

As revenue goes up so does valuation, and Databricks is a great example of that rule in action. In October 2019, the company raised $400 million at a seemingly modest $6.2 billion valuation (if a valuation like that can be called modest). By February 2021, that had ballooned to $28 billion, and today it could be up to $38 billion if that rumor turns out to be true.

One of the reasons that Databricks is doing so well is it operates on a consumption model. The more data you move through the Databricks product family, the more money it makes, and with data exploding, it’s doing quite well, thank you very much.

It’s worth noting that Databricks’s primary competitor, Snowflake went public last year and has a market cap of almost $83 billion. In that context, the new figure doesn’t feel quite so outrageous, But what does it mean in terms of revenue to warrant a valuation like that. Let’s find out.

Valuation math

Let’s rewind the clock and observe the company’s recent valuation marks and various revenue results at different points in time:

  • Q3 2019: $200 million run rate, $6.2 billion valuation.
  • Q3 2020: $350 million run rate, no known valuation change.
  • EoY 2020: $425 million run rate, $28 billion valuation (Q1 valuation).
  • Q3 2021: Unclear run rate, possible $38 billion valuation.

The company’s 2019 venture round gave Databricks a 31x run rate multiple. By the first quarter of 2021, that had swelled to a roughly 66x multiple if we compare its final 2020 revenue pace to its then-fresh valuation. Certainly software multiples were higher at the start of 2021 than they were in late 2019, but Databricks’s $28 billion valuation was still more than impressive; investors were betting on the company like it was going to be a key breakout winner, and a technology company that would go public eventually in a big way.

To see the company possibly raise more funds would therefore not be surprising. Presumably the company has had a good few quarters since its last round, given its history of revenue accretion. And there’s only more money available today for growing software companies than before.

But what to make of the $38 billion figure? If Databricks merely held onto its early 2021 run rate multiple, the company would need to have reached a roughly $575 million run rate, give or take. That would work out to around 36% growth in the last two-and-a-bit quarters. That works out to less than $75 million in new run rate per quarter since the end of 2020.

Is that possible? Yeah. The company added $75 million in run rate between Q3 2020 and the end of the year. So you can back-of-the-envelope the company’s growth to make a $38 billion valuation somewhat reasonable at a flat multiple. (There’s some fuzz in all of our numbers, as we are discussing rough timelines from the company; we’ll be able to go back and do more precise math once we get the Databricks S-1 filing in due time.)

All this raises the question of whether Databricks should be able to command such a high multiple. There’s some precedent. Recently, public software company Monday.com has a run rate multiple north of 50x, for example. It earned that mark on the back of a strong first quarter as a public company.

Databricks securing a higher multiple while private is not crazy, though we wonder if the data-focused company is managing a similar growth rate. Monday.com grew 94% on a year-over-year basis in its most recent quarter.

All this is to say that you can make the math shake out for Databricks to raise at a $38 billion valuation, but built into that price is quite a lot of anticipated growth. Top quartile public software companies today trade for around 23x their forward revenues, and around 27x their present-day revenues, per Bessemer. To defend its possible new valuation when public, then, leaves quite a lot of work ahead of Databricks.

The company’s CEO, Ali Ghodsi, will join us at TC Sessions: SaaS on October 27th, and we should know by then if this rumor is, indeed true. Either way, you can be sure we are going to ask him about it.

 

Medical supply marketplace startup bttn. sews up additional $5M seed

Coming off a $1.5 million seed round in June, bttn. announced Thursday that it secured another $5 million extension, led by FUSE, to the round to give it a $26.5 million post-money valuation.

The Seattle-based company was founded in March 2021 by JT Garwood and Jack Miller after seeing the challenges medical organizations had during the global pandemic to not only find supplies, but also get fair prices for them.

“We went into this building on the pain points customers had dealing with a system that is so archaic and outdated — most were still faxing in order forms and keeping closets full of supplies, but not knowing what was there,” Garwood, CEO, told TechCrunch.

Bttn. is going after the U.S. wholesale medical supply market, which is predicted to be valued at $243.3 billion by the end of 2021, according to IBISWorld. The company created a business-to-business e-commerce platform with a variety of high-quality medical supplies, saving customers an average of between 20% and 40%, while providing a better ordering and shipping experience, Garwood said.

It now boasts more than 300 customers, including individual practices and surgical centers, and multiple government contracts. It is also currently the preferred supplier for over 17 healthcare associations across the country, Garwood said. In addition to expanding into dental supplies, bttn. is also attracting customers like senior living facilities and home and hospice care.

Garwood intends to use the funds to expand bttn.’s technology, sales and operations teams, and increase its partnerships. The company is also adding new features like a portal to track shipments more easily, better order automation and improve the ability to control when supplies will get to them.

Bttn. is also analyzing more of the data coming in from its marketplace to recognize where the trends are coming from, including hospitalization rates, to share with customers. For example, if hospitals are overcrowded, supply shortages will follow, Garwood said.

“The medical supply industry was built on inequity, and we have a sense of duty to build a product that enables a better future for our customers,” he added. “We can proactively let customers know that spikes are expected, provide them with correct information and give that power back to the consumers and healthcare providers in ways they never had before.”

Whereas bttn.’s first seed round was “about pouring gas on the fire,” partnering with FUSE this time around was an easy decision for Garwood, who said the firm is bringing new assets to the table.

Brendan Wales, general partner at FUSE, said via email that his firm backs promising entrepreneurs building businesses in the Pacific Northwest and discovered bttn. before they announced any funding.

He said there is massive consumerization of healthcare, most evident on the patient side for years, but now becoming so on the provider side. Medical office employees are looking for the same type of customer experience they get from online businesses they frequently shop at, and bttn. “has a relentless drive to provide the same type of experiences and interactions to health providers.”

“We fell in love with the idea of providing a transparent and delightful customer experience to health providers, something that has been sorely lacking,” Wales added. “That, tied in with a young and ambitious team, made it so that our entire partnership worked tirelessly to partner with them.”

 

Insight Partners leads $30M round into Metabase, developing enterprise business intelligence tools

Open-source business intelligence company Metabase announced Thursday a $30 million Series B round led by Insight Partners.

Existing investors Expa and NEA joined in on the round, which gives the San Francisco-based company a total of $42.5 million in funding since it was founded in 2015. Metabase previously raised $8 million in Series A funding back in 2019, led by NEA.

Metabase was developed within venture studio Expa and spun out as an easy way for people to interact with data sets, co-founder and CEO Sameer Al-Sakran told TechCrunch.

“When someone wants access to data, they may not know what to measure or how to use it, all they know is they have the data,” Al-Sakran said. “We provide a self-service access layer where they can ask a question, Metabase scans the data and they can use the results to build models, create a dashboard and even slice the data in ways they choose without having an analyst build out the database.”

He notes that not much has changed in the business intelligence realm since Tableau came out more than 15 years ago, and that computers can do more for the end user, particularly to understand what the user is going to do. Increasingly, open source is the way software and information wants to be consumed, especially for the person that just wants to pull the data themselves, he added.

George Mathew, managing director of Insight Partners, believes we are seeing the third generation of business intelligence tools emerging following centralized enterprise architectures like SAP, then self-service tools like Tableau and Looker and now companies like Metabase that can get users to discovery and insights quickly.

“The third generation is here and they are leading the charge to insights and value,” Mathew added. “In addition, the world has moved to the cloud, and BI tools need to move there, too. This generation of open source is a better and greater example of all three of those.”

To date, Metabase has been downloaded 98 million times and used by more than 30,000 companies across 200 countries. The company pursued another round of funding after building out a commercial offering, Metabase Enterprise, that is doing well, Al-Sakran said.

The new funding round enables the company to build out a sales team and continue with product development on both Metabase Enterprise and Metabase Cloud. Due to Metabase often being someone’s first business intelligence tool, he is also doubling down on resources to help educate customers on how to ask questions and learn from their data.

“Open source has changed from floppy disks to projects on the cloud, and we think end users have the right to see what they are running,” Al-Sakran said. “We are continuing to create new features and improve performance and overall experience in efforts to create the BI system of the future.

 

Tiger Global backs Nacelle with $50M for its e-commerce infrastructure

Consumer shift to buying online during the global pandemic — and keeping that habit — continues to boost revenue for makers of developer tools that help e-commerce sites provide better shopping experiences.

LA-based Nacelle is one of the e-commerce infrastructure companies continuing to attract investor attention, and at a speedy clip, too. It closed on a $50 million Series B round from Tiger Global. This is just six months after its $18 million Series A round, led by Inovia, and follows a $4.8 million seed round in 2020.

The company is working in “headless” commerce, which means it is disconnecting the front end of a website, a.k.a. the storefront, from the back end, where all of the data lives, to create a better shopping experience, CEO Brian Anderson told TechCrunch. By doing this, the back end of the store, essentially where all the magic happens, can be updated and maintained without changing the front end.

“Online shopping is not new, but how the customer relates to it keeps changing,” he said. “The technology for online shopping is not up to snuff — when you click on something, everything has to reload compared to an app like Instagram.”

More people shopping on their mobile devices creates friction due to downloading an app for each brand. That is “sucking the fun out of shopping online,” because no one wants that many apps on their phone, Anderson added.

Steven Kramer, board member and former EVP of Hybris, said via email that over the past two decades, the e-commerce industry went through several waves of innovation. Now, maturing consumer behaviors and expectations are accelerating the current phase.

“Retailers and brands are struggling with adopting the latest technologies to meet today’s requirements of agility, speed and user experience,” Kramer added. “Nacelle gives organizations a future-proof way to accelerate their innovation, leverage existing investments and do so with material ROI.”

Data already shows that COVID-era trends accelerated e-commerce by roughly five years, and Gartner predicts that 50% of new commerce capabilities will be incorporated as API-centric SaaS services by 2023.

Those kinds of trends are bringing in competitors that are also attracting investor attention — for example, Shopistry, Swell, Fabric, Commerce Layer and Vue Storefront are just a few of the companies that raised funding this year alone.

Anderson notes that the market continues to be hot and one that can’t be ignored, especially as the share of online retail sales grows. He explained that some of his competitors force customers to migrate off of their current tech stack and onto their respective platforms so that their users can get a good customer experience. In contrast, Nacelle enables customers to keep their tech stack and put components together as they see fit.

“That is painful in any vertical, but especially for e-commerce,” he said. “That is your direct line to revenue.”

Meanwhile, Nacelle itself grew 690% in the past year in terms of revenue, and customers are signing multiyear contracts, Anderson said.

Anderson, who is an engineer by trade, wants to sink his teeth into new products as adoption of headless commerce grows. These include providing a dynamic layer of functionality on top of the tech stack for storefronts that are traditionally static, and even introducing some livestream capabilities later this year.

As such, Nacelle will invest the new round into its go-to-market strategy and expand its customer success, partner relations and product development. He said Nacelle is already “the de facto standard” for Shopify Plus merchants going headless.

“We want to put everything in a tailor-made API for e-commerce that lets front-end developers do their thing with ease,” Anderson added. “We also offer starter kits for merchants as a starting point to get up-and-running.”

UIPath CEO Daniel Dines is coming to TC Sessions: SaaS to talk RPA and automation

UIPath came seemingly out of nowhere in the last several years, going public last year in a successful IPO during which it raised over $527 million. It raised $2 billion in private money prior to that with its final private valuation coming in at an amazing $35 billion. UIPath CEO Daniel Dines will be joining us on a panel on automation at TC Sessions: Saas on October 27th.

The company has been able capture all this investor attention doing something called Robotic Process Automation, which provides a way to automate a series of highly mundane tasks. It has become quite popular, especially to help bring a level of automation to legacy systems that might not be able to handle more modern approaches to automation involving artificial intelligence and machine learning. In 2019 Gartner found that RPA was the fastest growing category in enterprise software.

In point of fact,  UIPath didn’t actually come out of nowhere. It was founded in 2005 as a consulting company and transitioned to software over the years. The company took its first VC funding, a modest $1.5 million seed round in 2015, according to Crunchbase data.

As RPA found its market, the startup began to take off, raising gobs of money including a $568 million round in April 2019 and $750 million in its final private raise in February 2021.

Dines will be appearing on a panel discussing the role of automation in the enterprise. Certainly, the pandemic drove home the need for increased automation as masses of office workers moved to work from home, a trend that is likely to continue even after the pandemic slows.

As the RPA market leader, he is uniquely positioned to discuss how this software and other similar types will evolve in the coming years and how it could combine with related trends like no-code and process mapping. Dines will be joined on the panel by investor Laela Sturdy from Capital G and ServiceNow’s Dave Wright where they will discuss the state of the automation market, why it’s so hot and where the next opportunities could be.

In addition to our discussion with Dines, the conference will also include Databricks’ Ali Ghodsi, Salesforce’s Kathy Baxter and Puppet’s Abby Kearns, as well as investors Casey Aylward and Sarah Guo, among others. We hope you’ll join us. It’s going to be a stimulating day.

Buy your pass now to save up to $100. We can’t wait to see you in October!

Is your company interested in sponsoring or exhibiting at TC Sessions: SaaS 2021? Contact our sponsorship sales team by filling out this form.

( function() {
var func = function() {
var iframe = document.getElementById(‘wpcom-iframe-fd487e61d141961d6b745f1e7727a012’)
if ( iframe ) {
iframe.onload = function() {
iframe.contentWindow.postMessage( {
‘msg_type’: ‘poll_size’,
‘frame_id’: ‘wpcom-iframe-fd487e61d141961d6b745f1e7727a012’
}, “https://tcprotectedembed.com” );
}
}

// Autosize iframe
var funcSizeResponse = function( e ) {

var origin = document.createElement( ‘a’ );
origin.href = e.origin;

// Verify message origin
if ( ‘tcprotectedembed.com’ !== origin.host )
return;

// Verify message is in a format we expect
if ( ‘object’ !== typeof e.data || undefined === e.data.msg_type )
return;

switch ( e.data.msg_type ) {
case ‘poll_size:response’:
var iframe = document.getElementById( e.data._request.frame_id );

if ( iframe && ” === iframe.width )
iframe.width = ‘100%’;
if ( iframe && ” === iframe.height )
iframe.height = parseInt( e.data.height );

return;
default:
return;
}
}

if ( ‘function’ === typeof window.addEventListener ) {
window.addEventListener( ‘message’, funcSizeResponse, false );
} else if ( ‘function’ === typeof window.attachEvent ) {
window.attachEvent( ‘onmessage’, funcSizeResponse );
}
}
if (document.readyState === ‘complete’) { func.apply(); /* compat for infinite scroll */ }
else if ( document.addEventListener ) { document.addEventListener( ‘DOMContentLoaded’, func, false ); }
else if ( document.attachEvent ) { document.attachEvent( ‘onreadystatechange’, func ); }
} )();

T-Mobile: Breach Exposed SSN/DOB of 40M+ People

T-Mobile is warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. The acknowledgment came less than 48 hours after millions of the stolen T-Mobile customer records went up for sale in the cybercrime underground.

In a statement Tuesday evening, T-Mobile said a “highly sophisticated” attack against its network led to the breach of data on millions of customers.

“Our preliminary analysis is that approximately 7.8 million current T-Mobile postpaid customer accounts’ information appears to be contained in the stolen files, as well as just over 40 million records of former or prospective customers who had previously applied for credit with T-Mobile,” the company wrote in a blog post. “Importantly, no phone numbers, account numbers, PINs, passwords, or financial information were compromised in any of these files of customers or prospective customers.”

Nevertheless, T-Mobile is urging all T-Mobile postpaid customers to proactively change their account PINs by going online into their T-Mobile account or calling customer care at 611. “This precaution is despite the fact that we have no knowledge that any postpaid account PINs were compromised,” the advisory reads.

It is not clear how many people total may be impacted by this breach. T-Mobile hasn’t yet responded to requests for clarification regarding how many of the 7.8 million current customers may also have been affected by the credit application breach.

The intrusion first came to light on Twitter when the account @und0xxed started tweeting the details, and someone on a cybercrime forum began selling what they claimed were more than 100 million freshly hacked records from T-Mobile. The hackers claimed one of those databases held the name, date of birth, SSN, drivers license information, plaintext security PIN, address and phone number of 36 million T-Mobile customers in the United States — all going back to the mid-1990s.

T-Mobile said it was also able to confirm approximately 850,000 active T-Mobile prepaid customer names, phone numbers and account PINs were also exposed.

“We have already proactively reset ALL of the PINs on these accounts to help protect these customers, and we will be notifying accordingly right away. No Metro by T-Mobile, former Sprint prepaid, or Boost customers had their names or PINs exposed,” T-Mobile said. “We have also confirmed that there was some additional information from inactive prepaid accounts accessed through prepaid billing files. No customer financial information, credit card information, debit or other payment information or SSN was in this inactive file.”

T-Mobile said it would pay for two years of identity theft protection services for any affected customers, and that it was offering “an extra step to protect your mobile account with our Account Takeover Protection capabilities for postpaid customers, which makes it harder for customer accounts to be fraudulently ported out and stolen.” Why it wouldn’t make that extra protection standard for all accounts all the time is not entirely clear.

This stolen data is being actively sold, but if the past is any teacher much of it will wind up posted online soon. It is a safe bet that scammers will use some of this information to target T-Mobile users with phishing messages, account takeovers and harassment.

T-Mobile customers should expect to see phishers taking advantage of public concern over the breach to impersonate the company — and possibly even messages that include the recipient’s compromised account details to make the communications look more legitimate.

Data stolen and exposed in this breach may also be used for identity theft. Credit monitoring and ID theft protection services can help you recover from having your identity stolen, but most will do nothing to stop the ID theft from happening. If you want the maximum control over who should be able to view your credit or grant new lines of credit in your name, then a security freeze is your best option.

If you’re a current T-Mobile customer, by all means change your account PIN as instructed. But regardless of which mobile provider you patronize, consider removing your phone number from as many online accounts as you can. Many online services require you to provide a phone number upon registering an account, but in many cases that number can be removed from your profile afterwards.

Why do I suggest this? Many online services allow users to reset their passwords just by clicking a link sent via SMS, and this unfortunately widespread practice has turned mobile phone numbers into de facto identity documents. Which means losing control over your phone number thanks to an unauthorized SIM swap or mobile number port-out, divorce, job termination or financial crisis can be devastating.