Year: 2019

Breather, the platform that provides on-demand private workspace, announced today that it has appointed Bryan Murphy as its new CEO.

Before joining Breather, Murphy was the founder and President of direct-to-consumer mattress startup, Tomorrow Sleep. Prior to Tomorrow Sleep, Murphy held posts as an advisor to investment firms and as an executive at eBay after the company acquired his previous company, WHI Solutions – an e-commerce platform for aftermarket auto parts – where Murphy was the co-founder and CEO.

Breather believes Murphy’s extensive background scaling e-commerce and SaaS platforms, as well as his experience working with incumbents across a number of traditional industries, can help it execute through its next stage of global growth.

Murphy is filling the vacancy left by co-founder and former CEO Julien Smith, who stepped down as chief executive this past September, just three months after the company completed its $45 million Series C round, which was led by Menlo Ventures and saw participation from RRE Ventures, Temasek Holdings, Ascendas-Singbridge, and Caisse de Depot et Placement du Quebec.

In a past statement on his transition, Smith said: “As I reflect on my strengths and consider what it will take for the company to reach its full potential, I realize bringing on an executive with experience scaling a company through the next level of growth is the best thing for the business.”

Smith, who remains with the company as Chairman of the Board, believes Murphy more than fits the bill. “Bryan’s record of scaling brands in competitive markets makes him an ideal leader to support this momentum, and I’m excited to see where he takes us next,” Smith said.

In a conversation with TechCrunch, Murphy explained that Breather’s next growth phase will ultimately come down to its ability to continue the global expansion of its network of locations and partner landlords while striking the optimal balance between rental economics and employee utility, productivity and performance. With new spaces and ramped marketing efforts, Murphy and the company expect 2019 to be a big year for Breather – “I think this year, you’re going to start hearing a lot about Breather and it really being in a leadership role for the industry.”

On Breather’s platform, users are currently able to access a network of over 500 private workspaces across ten major cities around the world, which can be booked as meeting space or short-term private office space.

Meeting spaces can be reserved for as little as 30 minutes, while office space can be booked on a month-to-month basis, providing businesses with financial flexibility, private and more spacious alternatives to coworking options, and the ability to easily change offices as they grow. For landlords, Breather allows property owners to generate value from underutilized space by providing a turnkey digital booking system, as well as expertise in the short-term rental space.

Murphy explained to TechCrunch that part of what excited him most about his new role was his belief in Breather’s significant product-market fit and the immense addressable market that he sees for flexible workspaces longer-term. With limited penetration to date, Murphy feels the commercial office space industry is in just the third inning of significant transformation. 

Murphy believes that long-term growth for Breather and other flexible space providers will be driven by a heightened focus on employee flexibility and wellness, a growing number of currently underserved companies whose needs fall between coworking and traditional direct leasing, and the need for landlords to support a wider variety of office space options as workforce demographics and behaviors shift. 

Murphy believes that the ease, flexibility and unlocked value Breather provides puts the platform in a great position to win share.

“Breather has built a remarkable commercial real estate e-commerce and services platform that offers one-click access to over 500 workspaces around the world,” said Murphy in a press release. “To our customers, having access to workspace that is turnkey, affordable, beautiful, productive and that can flex up and down based on needs is a total game changer.”

To date, Breather has served over 500,000 customers and has raised over $120 million in investment.

Alation, a startup that helps crawl a company’s databases in order to build a data search catalogue, announced a $50 million Series C investment today.

The round was led by Sapphire Ventures and Salesforce Ventures. Existing investors Costanoa Ventures, DCVC (Data Collective), Harmony Partners and Icon Ventures also participated. Today’s investment brings the total raised to $82 million, according to Crunchbase data.

The participation of Sapphire Ventures, originally launched by SAP, and Salesforce Ventures, the venture arm of Salesforce, is particularly telling. One of the issues these enterprise software companies face when they go inside large enterprises is helping customer access and understand data wherever it lives. It’s one of the reasons that Salesforce bought Mulesoft for $6.5 billion last year.

This is a problem that employees face, as well. It’s simply inefficient to query multiple databases manually, or to even know what databases exist inside a large organization. Alation uses out-of-the-box connectors to connect to common data sources like Oracle, Redshift, Teradata, Spark and Tableau to create a centralized data catalog.

With that catalog in place, employees can search just as they would with any enterprise search engine with the notable difference that this tool is focussed strictly on structured data inside of supported data sources.

The company goes beyond pure matching to find the data an employee is searching for. Company CEO and co-founder Satyen Sangani says they also use a method to analyze usage to display the most likely result. “What differentiates us in particular is that we look at the logs of how people are using that information,” he explained. This is analogous to how Google uses the PageRank algorithm to measure the popularity of a page based on the number of times people link to a page.

It is certainly not alone in the space with competitors like Alteryx and Informatica, but Alation’s approach seems to be resonating. Sangani reports triple-digit growth 4 years running. The company has soared from 89 employees at the end of last year to around 200 today. It boasts 100 large enterprise customers in production including names like BMW, Hilton, American Express and Salesforce (whose investment arm, Salesforce Ventures, notably also helped lead today’s round).

As the company grows rapidly, Sangani says he wants the capital in place to help fuel the increasing interest. The size and scope of his customers means that he will need to hire not just engineers to keep developing the product and building new connectors, but customer support and sales and marketing. In all, he expects add between 100 and 200 employees in the next year.

He also wants to continue building out partnerships. As an example, Teradata is an authorized reseller, and has helped sell the product in global markets where a startup like Alation might lack the resources to enter.

The company, which is based in in Redwood City, California, launched in 2012 and released the first version of the product in 2014. Its most recent round prior to today was a $23 million Series B in 2017.

Sometimes it take a small bug in one thing to find something massive elsewhere.

During an investigation recent, security firm Forcepoint Labs said it found a new kind of malware that was found taking instructions from a hacker sending commands over the encrypted messaging app Telegram .

The researchers described their newly discovered malware, dubbed GoodSender, as a “fairly simple” Windows-based malware that’s about a year old, which uses Telegram as the method to listen and wait for commands. Once the malware infects its target, it creates a new administrator account and enables remote desktop — and waits. As soon as the malware infects, it sends back the username and randomly generated password to the hacker through Telgram.

It’s not the first time malware has used a commercial product to communicate with malware. If it’s over the internet, hackers are hiding commands in pictures posted to Twitter or in comments left on celebrity Instagram posts.

But using an encrypted messenger makes it far harder to detect. At least, that’s the theory.

Forcepoint said in its research out Thursday that it only stumbled on the malware after it found a vulnerability in Telegram’s notoriously bad encryption.

End-to-end messages are encrypted using the app’s proprietary MTProto protocol, long slammed by cryptographers for leaking metadata and having flaws, and likened to “being stabbed in the eye with a fork.” Its bots, however, only use traditional TLS — or HTTPS — to communicate. The leaking metadata makes it easy to man-in-the-middle the connection and abuse the bots’ API to read bot sent-and-received messages, but also recover the full messaging history of the target bot, the researchers say.

When the researchers found the hacker using a Telegram bot to communicate with the malware, they dug in to learn more.

Fortunately, they were able to trace back the bot’s entire message history to the malware because each message had a unique message ID that increased incrementally, allowing the researchers to run a simple script to replay and scrape the bot’s conversation history.

“This meant that we could track [the hacker’s] first steps towards creating and deploying the malware all the way through to current campaigns in the form of communications to and from both victims and test machines,” the researchers said.

Your bot uncovered, your malware discovered — what can make it worse for the hacker? The researchers know who they are.

Because the hacker didn’t have a clear separation between their development and production workspaces, the researchers say they could track the malware author because they used their own computer and didn’t mask their IP address.

The researchers could also see exactly what commands the malware would listen to: take screenshots, remove or download files, get IP address data, copy whatever’s in the clipboard, and even restart the PC.

But the researchers don’t have all the answers. How did the malware get onto victim computers in the first place? They suspect they used the so-called EternalBlue exploit, a hacking tool designed to target Windows computers, developed by and stolen from the National Security Agency, to gain access to unpatched computers. And they don’t know how many victims there are, except that there is likely more than 120 victims in the U.S., followed by Vietnam, India, and Australia.

Forcepoint informed Telegram of the vulnerability. TechCrunch also reached out to Telegram’s founder and chief executive Pavel Durov for comment, but didn’t hear back.

If there’s a lesson to learn? Be careful using bots on Telegram — and certainly don’t use Telegram for your malware.

Cracking the silos of digital health records promises to bring better care to patients by better informing doctors, according to Abhinav Shashank, the chief executive officer of San Francisco-based startup Innovaccer .

Shashank’s company is just wrapping up a $35 million round of financing with a new $11 million commitment from Microsoft’s investment arm M12 (formerly known as Microsoft Ventures).

The corporate investor joins Westbridge, and Lightspeed Partners, who previously committed to the Series B round last year.

Founded in 2014, Innovaccer has been working to roll up data from a number of different healthcare providers including Hartford Healthcare, University of California, Mercy ACO Iowa, UniNet Healthcare Network of Nebraska, Inmediata Health Integrated Solutions of Puerto Rico, and StratiFi Health Network.

Innovaccer estimates that it has saved its customers $400 million in expenses and the company said it will use the funds to build out its software services that connect to lab systems, electronic health records, claims management software and health information exchanges.

“Innovaccer’s approach to data aggregation and analytics fundamentally helps healthcare organizations implement value-based care models and improve care delivery,” said Rashmi Gopinath, partner at M12, in a statement. “We look to invest in startups addressing huge markets with best-in-class deep technology. We are excited to support Innovaccer as they continue to scale and grow in the global healthcare market.”

In addition to providing a unified view into all of the different records that a care provider touches, the company is also looking to layer in prompts to encourage treatment options for future care, according to Shashank.

According to the company’s chief executive, care providers are already incorporating suggestions from the company’s algorithmically based predictive tools in their treatment plans to ensure that patients are getting the best possible outcomes.

“It is rare to see this type of growth in the healthcare industry. Normally, this is only seen in the fastest of enterprise SaaS companies. We think there is tremendous potential to bring the speed and innovation normally associated with enterprise software to the world of healthcare IT,” says Sumir Chadha, Managing Director at Westbridge Capital.

Two years on from the U.S. presidential election, Facebook continues to have a major problem with Russian disinformation being megaphoned via its social tools.

In a blog post today the company reveals another tranche of Kremlin-linked fake activity — saying it’s removed a total of 471 Facebook pages and accounts, as well as 41 Instagram accounts, which were being used to spread propaganda in regions where Putin’s regime has sharp geopolitical interests.

In its latest reveal of “coordinated inauthentic behavior” — aka the euphemism Facebook uses for disinformation campaigns that rely on its tools to generate a veneer of authenticity and plausibility in order to pump out masses of sharable political propaganda — the company says it identified two operations, both originating in Russia, and both using similar tactics without any apparent direct links between the two networks.

One operation was targeting Ukraine specifically, while the other was active in a number of countries in the Baltics, Central Asia, the Caucasus, and Central and Eastern Europe.

“We’re taking down these Pages and accounts based on their behavior, not the content they post,” writes Facebook’s Nathaniel Gleicher, head of cybersecurity policy. “In these cases, the people behind this activity coordinated with one another and used fake accounts to misrepresent themselves, and that was the basis for our action.”

Sputnik link

Discussing the Russian disinformation op targeting multiple countries, Gleicher says Facebook found what looked like innocuous or general interest pages to be linked to employees of Kremlin propaganda outlet Sputnik, with some of the pages encouraging protest movements and pushing other Putin lines.

“The Page administrators and account owners primarily represented themselves as independent news Pages or general interest Pages on topics like weather, travel, sports, economics, or politicians in Romania, Latvia, Estonia, Lithuania, Armenia, Azerbaijan, Georgia, Tajikistan, Uzbekistan, Kazakhstan, Moldova, Russia, and Kyrgyzstan,” he writes. “Despite their misrepresentations of their identities, we found that these Pages and accounts were linked to employees of Sputnik, a news agency based in Moscow, and that some of the Pages frequently posted about topics like anti-NATO sentiment, protest movements, and anti-corruption.”

Facebook has included some sample posts from the removed accounts in the blog which show a mixture of imagery being deployed — from a photo of a rock concert, to shots of historic buildings and a snowy scene, to obviously militaristic and political protest imagery.

In all Facebook says it removed 289 Pages and 75 Facebook accounts associated with this Russian disop; adding that around 790,000 accounts followed one or more of the removed Pages.

It also reveals that it received around $135,000 for ads run by the Russian operators (specifying this was paid for in euros, rubles, and U.S. dollars).

“The first ad ran in October 2013, and the most recent ad ran in January 2019,” it notes, adding: “We have not completed a review of the organic content coming from these accounts.”

These Kremlin-linked Pages also hosted around 190 events — with the first scheduled for August 2015, according to Facebook, and the most recent scheduled for January 2019. “Up to 1,200 people expressed interest in at least one of these events. We cannot confirm whether any of these events actually occurred,” it further notes.

Facebook adds that open source reporting and work by partners which investigate disinformation helped identify the network.

It also says it has shared information about the investigation with U.S. law enforcement, the U.S. Congress, other technology companies, and policymakers in impacted countries.

Ukraine tip-off

In the case of the Ukraine-targeted Russian disop, Facebook says it removed a total of 107 Facebook Pages, Groups, and accounts, and 41 Instagram accounts, specifying that it was acting on an initial tip off from U.S. law enforcement.

In all it says around 180,000 Facebook accounts were following one or more of the removed pages. While the fake Instagram accounts were being followed by more than 55,000 accounts.  

Again Facebook received money from the disinformation purveyors, saying it took in around $25,000 in ad spending on Facebook and Instagram in this case — all paid for in rubles this time — with the first ad running in January 2018, and the most recent in December 2018. (Again it says it has not completed a review of content the accounts were generating.)

“The individuals behind these accounts primarily represented themselves as Ukrainian, and they operated a variety of fake accounts while sharing local Ukrainian news stories on a variety of topics, such as weather, protests, NATO, and health conditions at schools,” writes Gleicher. “We identified some technical overlap with Russia-based activity we saw prior to the US midterm elections, including behavior that shared characteristics with previous Internet Research Agency (IRA) activity.”

In the Ukraine case it says it found no Events being hosted by the pages.

“Our security efforts are ongoing to help us stay a step ahead and uncover this kind of abuse, particularly in light of important political moments and elections in Europe this year,” adds Gleicher. “We are committed to making improvements and building stronger partnerships around the world to more effectively detect and stop this activity.”

A month ago Facebook also revealed it had removed another batch of politically motivated fake accounts. In that case the network behind the pages had been working to spread misinformation in Bangladesh 10 days before the country’s general elections.

This week it also emerged the company is extending some of its nascent election security measures by bringing in requirements for political advertisers to more international markets ahead of major elections in the coming months, such as checks that a political advertiser is located in the country.

However in other countries which also have big votes looming this year Facebook has yet to announced any measures to combat politically charged fakes.

The era that saw China’s mobile payments providers making handsome interest returns on client money has officially ended.

Starting this week, non-bank payments companies must place 100 percent of their customer deposit funds under centralized, interest-free accounts as Beijing moves to rein in financial risks. In the past, third-party payments firms were allowed to hold pre-paid sums from buyers for a short period of time before transferring the money to merchants. This layout allowed companies like Alibaba’s payments affiliate Ant Financial and Tencent to earn interest by depositing customer money into bank accounts.

Exactly how much money Ant and Tencent derived from these deposits is unclear. Both companies declined to comment on the policy’s revenue implications but said they have complied with the rules and finished transferring all customer reserve funds to a centralized clearing system.

Here are some numbers to help grasp the scale of the lucrative practice. The central bank gave a two-year window for all payments firms to complete the transition as it gradually raised the reserve funds ratio, which climbed to 85 percent in November. By then, total customer funds deposited by non-bank payments companies into central custodians hit 1.24 trillion yuan ($180 billion), while another estimated 260 billion yuan was yet to come under regulated control, shows data published by the People’s Bank of China.

Collectively, the giants account for more than 90 percent of China’s third-party mobile payments and 34 percent of all third-party, internet-based payments (which include both PC and mobile transactions), according to research firm Analysys.

While the regulatory control surely has measurable revenue implication on payments firms, some experts point to another adverse consequence. “Now that payments companies are no longer putting deposits into their [partnering] banks, they lose bargaining power with these banks that charge commissions for handling their mobile payments,” an employee from a major payments firm told TechCrunch on the condition of anonymity.

Tencent doesn’t break down how much it makes from payments but the unit has grown rapidly over the past years while its major income source — video games — took a hit last year. Meanwhile Ant Financial has been diversifying its business to go beyond financial services. It has earnestly marketed itself as a “technology” company by opening its proprietary technologies to a growing list of traditional institutions like banks and insurance companies. Reuters reported earlier that technology services will make up 65 percent of Ant’s revenue in about four years, up from an estimated 34 percent in 2017.

A popular WordPress plugin, installed on thousands of websites to help users share content on social media sites, left linked Twitter accounts exposed to compromise.

The plugin, Social Network Tabs, was storing so-called account access tokens in the source code of the WordPress website. Anyone who viewed the source code could see the linked Twitter handle and the access tokens. These access tokens keep you logged in to the website on your phone and your computer without having to re-type your password every time or entering your two-factor authentication code.

But if stolen, most sites can’t differentiate between a token used by the account owner, or a hacker who stole the token.

Baptiste Robert, a French security researcher who goes by the online handle Elliot Alderson, found the vulnerability and shared details with TechCrunch.

In order to test the bug, Robert found 539 websites using the vulnerable code by searching PublicWWW, a website source code search engine. He then wrote a proof-of-concept script that scraped the publicly available code from the affected websites, collecting access tokens on more than than 400 linked Twitter accounts.

Using the obtained access tokens, Robert tested their permissions by directing those accounts to ‘favorite’ a tweet of his choosing over a hundred times. This confirmed that the exposed account keys had “read/write” access — effectively giving him, or a malicious hacker, complete control over the Twitter accounts.

Among the vulnerable accounts included a couple of verified Twitter users and several accounts with tens of thousands of followers, a Florida sheriff’s office, a casino in Oklahoma, an outdoor music venue in Cincinnati, and more.

Robert told Twitter on December 1 of the vulnerability in the third-part plugin, prompting the social media giant to revoke the keys, rendering the accounts safe again. Twitter also emailed the affected users of the security lapse of the WordPress plugin, but did not comment on the record when reached.

Twitter did its part — what little it could do when the security issue is out of its hands. Any WordPress user still using the plugin should remove it immediately, change their Twitter password, and ensure that the app is removed from Twitter’s connected apps to invalidate the token.

Design Chemical, a Bangkok-based software house that developed the buggy plugin, did not return a request for comment when contacted prior to publication.

On its website, it says the seven-year plugin has been downloaded more than 53,000 times. The plugin, last updated in 2013, still gets dozens of downloads each day.

MITRE assigned the vulnerability CVE-2018-20555. It’s the second bug Robert has disclosed in as many days.

Coinbase is continuing its push to suck up talent after the $8 billion-valued crypto business snapped up Blockspring, a San Francisco-based startup that enables developers to collect and process data from APIs.

The undisclosed deal was announced by Blockspring on its blog, and confirmed to TechCrunch by a Coinbase representative. Coinbase declined to comment further.

Blockspring started out as a serverless data business, but it pivoted into a service that lets companies use API data. That includes purposes such as building list and repositories for recruitment, marketing sales, reporting and more. Pricing starts from $29 per month and Blockspring claims to work with “thousands” of companies.

That startup graduated Y Combinator and, according to Crunchbase, it had raised $3.5 million from investors that include SV Angel and A16z, both of which are Coinbase investors. Those common investors are likely a key reason for the deal, which appears to be a talent acquisition. The Blockspring team will join Coinbase, but it will continue to offer its existing products “for current and new customers as they always have.”

“Joining Coinbase was a no-brainer for a number reasons including its commitment to establishing an open financial system and the strength of its engineering team, led by Tim Wagner (formerly of AWS Lambda). Making the technical simple and accessible is what we’ve always been about at Blockspring. And now we’ll get to push these goals forward along with the talented folks at Coinbase to make something greater than we could on our own,” wrote CEO Paul Katsen.

Coinbase raised $300 million last October to take it to $525 million raised to date from investors. While it may not be a huge one, the Blockspring deal looks to be its eleventh acquisition, according to data from Crunchbase. Most of those have been talent grabs, but its more substantial pieces of M&A have included the $120 million-plus deal for Earn.com, which installed Balaji Srinivasan as the company’s first CTO, the acquisition of highly-rated blockchain browser Cipher, and the purchase of securities dealer Keystone Capital, which boosted its move into security tokens.

In addition to buying up companies, Coinbase also makes investments via its early-stage focused Coinbase Ventures fund.

Personio, the German HR and recruiting platform, has raised $40 million in a Series B funding. Leading the round is London-based Index Ventures, with participation from existing investors Northzone and Rocket Internet’s Global Founders.

Founded in 2015, Munich-based Personio has set out to build a “HR operating system” for small and medium-sized companies (SMEs) ranging from 10 and 2,000 employees. The cloud-based software is designed to power all of a company’s HR and recruiting processes, either via the product’s own core functionality or through its ability to integrate with third-party software.

“We believe in the benefit of a holistic HR solution that covers the entire employee life-cycle, while its functionalities need to adapt to individual customer requirements and processes,” Personio co-founder and CEO Hanno Renner tells me.

“That being said, we distinguish between the bread-and-butter HR activities which every company needs to do (e.g. recruiting, on boarding, time off management, payroll etc.) and those that are either industry-specific or rather nice-to-haves”.

Examples of the latter include hardware-based time tracking, and employee engagement, respectively. “We focus our efforts on providing a best-in-class experience for what we consider bread-and-butter HR,” adds Renner. “For more specific requirements, we let our customers choose from a growing number of integrated vertical solutions based on their needs. Data will be synced so Personio acts as the system of record for all HR information and information only needs to be entered once”.

In addition to “out of the box” third-party software integrations, Personio’s claim to offer a HR operating system is backed up by the company’s open API, which is designed to cover various use cases where accessing data that is stored in Personio can add further value to customers. This includes building something as simple as a Slack bot using Personio data, to connecting Personio to a company’s data-warehouse or deeper integrations with internal systems.

More broadly, Renner says this holistic approach, coupled with Personio’s workflow automation that aims to cut down on time wasted on repetitive tasks, is not only resonating with HR managers and recruiters who typically use the product for several hours per day, but is also finding use with managers, executives and other employees. The end result is that HR and recruitment processes can become much more distributed across a company.

To that end, Personio says its Series B funding will be used to help the company attempt to become Europe’s leading provider of human resources software for SMEs. It boasts more than 1,000 clients in 35 countries, seeing over 150,000 employees and several hundred thousand applicants currently being managed within Personio.

“We believe that now is the right timing to actively expand into further regions and the funding as well as Index expertise will certainly help making that move successful,” adds the Personio CEO. “Apart from that, we consider ourselves a product-driven company and hence want to continue to strongly invest into building the best product for our customers which will mean significantly growing our product & engineering team and potentially even opening a new office to facilitate hiring”.

Ciitizen, the company founded by the creators of Gliimpse (an Apple acquisition that’s been incorporated into the company’s HealthKit) which is developing tools to help patients organize and share their medical records, has raised $17 million in new funding.

Ciitizen, like Gliimpse before it, is an attempt to break down the barriers that keep patients from being able to record, store, and share their healthcare information with whomever they want in their quest for treatment.

The digitization of health records — a featured element of President Barack Obama’s overhaul of the healthcare system back in 2009 — remains an obstacle to quality care and proper treatment nearly a decade later. Hospitals spend millions and the US healthcare system spends billions on Electronic Health Records annually. All with very little too show for the expense.

Those kinds of challenges are what attracted investors in the Andreessen Horowitz -led round. New investors Section 32, formed by the former head of Google Ventures, Bill Maris; and Verily, one of the healthcare subsidiaries that spun out of Google X and is a part of Google’s parent company, Alphabet.

“Ciitizen uniquely understands the challenges cancer patients face – including the intense friction patients experience when managing their medical records in our current healthcare system,” said Vijay Pande, a general partner in Andreessen Horowitz’s Bio fund, in a statement. “Using their deep insights, the Ciitizen team have developed sophisticated technology and tools that remove this friction, putting the power back in the patients’ hands and literally saving lives.”

Pande may be a little biased since Andreessen Horowitz also led the company’s seed funding last July, in what was, at the time, one of the earlier investments from the Bio fund’s latest $450 million second investment vehicle.

Andreessen Horowitz has a new, $450 million bio fund

“The continued support from Andreessen Horowitz reaffirms the rapid progress we have already made and further validates our potential to significantly impact healthcare globally. Adding Section 32 and Verily to our effort further enhances our ability to transform the way patients engage with their health data,” said Anil Sethi, CEO and Founder of Ciitizen, in a statement.