Millions of SMS messages exposed in database security lapse

A massive database storing tens of millions of SMS text messages, most of which were sent by businesses to potential customers, has been found online.

The database is run by TrueDialog, a business SMS provider for businesses and higher education providers, which lets companies, colleges, and universities send bulk text messages to their customers and students. The Austin, Texas-based company says one of the advantages to its service is that recipients can also text back, allowing them to have two-way conversations with brands or businesses.

The database stored years of sent and received text messages from its customers and processed by TrueDialog. But because the database was left unprotected on the internet without a password, none of the data was encrypted and anyone could look inside.

Security researchers Noam Rotem and Ran Locar found the exposed database earlier this month as part of their internet scanning efforts.

TechCrunch examined a portion of the data, which contained detailed logs of messages sent by customers who used TrueDialog’s system, including phone numbers and SMS message contents. The database contained information about university finance applications, marketing messages from businesses with discount codes, and job alerts, among other things.

But the data also contained sensitive text messages, such as two-factor codes and other security messages, which may have allowed anyone viewing the data to gain access to a person’s online accounts. Many of the messages we reviewed contained codes to access online medical services to obtain, and password reset and login codes for sites including Facebook and Google accounts.

The data also contained usernames and passwords of TrueDialog’s customers, which if used could have been used to access and impersonate their accounts.

Because some of the two-way message conversations contained a unique conversation code, it’s possible to read entire chains of conversations. One table alone had tens of millions of messages, many of which were message recipients trying to opt-out of receiving text messages.

TechCrunch contacted TrueDialog about the exposure, which promptly pulled the database offline. Despite reaching out several times, TrueDialog’s chief executive John Wright would not acknowledge the breach nor return several requests for comment. Wright also did not answer any of our questions — including whether the company would inform customers of the security lapse and if he plans to inform regulators, such as state attorneys general, per state data breach notification laws.

The company is just one of many SMS providers that have in recent months left systems — and sensitive text messages — on the internet for anyone to access. Not only that but it’s another example of why SMS text messages may be convenient but is not a secure way to communicate — particularly for sensitive data, like sending two-factor codes.

Read more:

Jobpal pockets $2.7M for its enterprise recruitment chatbot

Berlin-based recruitment chatbot startup Jobpal has closed a €2.5 million (~$2.7M) seed round of funding from InReach Ventures and Acadian Ventures.

The company, which was founded back in 2016, has built a cross-platform chatbot to automate candidate support and increase efficiency around hiring by applying machine learning and natural language processing for what it dubs “talent interaction”.

The target customers are large enterprises with Jobpal offering the product as a managed service.

For these employers the pitch is increased efficiency by being able to rapidly respond to and engage potential job applicants whenever they’re reaching out for more info via an always-on channel (i.e. the chatbot) which is primed to respond to common questions.

Candidates can also apply for vacancies via the Jobpal chatbot by answering a series of questions in the familiar messaging thread format. Jobpal says its chatbot can also be used to screen applicants’ CVs and recommend the most promising candidates.

It takes care of the logistical legwork of scheduling interview appointments — leaving HR departments with more time to spend on more meaningful portions of the recruitment process.

Co-founder and CEO Luc Dudler tells TechCrunch it has more than 30 enterprise clients at this stage, generating “thousands of conversations” per day. Customers he name checks include the likes of Airbus, Deutsche Telekom and McDonald’s.

The software works on popular messaging platforms including WhatsApp, Facebook Messenger, WeChat and SMS, and is available in 15+ languages — though Jobpal confirms the German market remains its largest so far.

“The sheer volume of interest and number of questions enterprises receive from prospective talent is often difficult to deal with, which results in a suboptimal experience and frustrated candidates. Conversational interfaces and Natural Language Processing enable us to deliver a candidate-centric experience and increase the efficiency of the recruiting function,” says Dudler, arguing that the recruitment landscape has become “candidate first” — putting the onus on enterprises to get the “candidate experience” right.

“This technology allows employers to engage with candidates when they want and on the platforms they use, such as WhatsApp. This gives control to the candidates, meaning they can get answers in a matter of seconds, instead of days or weeks. For Internal HR teams, they can spend time more time finding the best talent, as jobpal automates tedious and time-consuming tasks, allowing recruitment teams to focus on more value-add tasks.”

“We focus mainly on communication and engagement, and our customers only do in-house recruitment. We don’t work with agencies,” he adds.

Jobpal points to increased engagement from use of its chatbot — claiming companies are seeing more queries from jobseekers than they used to receive emails, as well as arguing the “low-friction” approach is accessible and convenient and leads to increased conversion rates.

With any automated process there could be a risk of biased and unequitable outcomes — depending on the criteria the chatbot is using to sift candidates. Although Jobpal says it’s not using algorithms to take recruitment decisions, so the biggest bias risk looks to be in the hands of the employers setting the criteria.

Misinterpretation of candidates’ queries based on the technology failing to understand what’s being asked could potentially lead to responses that disproportionately disadvantage certain applicants. Though Jobpal says queries that are too complex are routed to a human to deal with.

“We get a lot of queries about the application process/deadline/evaluation, qualifications needed, supporting documents, working hours, growth options and salary that Jobpal is designed to deal with,” says Dudler, of Jobpal candidate users. “Our chatbots don’t answer questions that are too personal, too obscure or anything non-recruitment related such as customer service queries.”

“Jobpal stores the query data but it’s de-associated from the candidate data. This data is used to train AI models which supports general communication as well as company-specific chatbots. We don’t mine or sell candidate profiles, and we don’t do algorithmic decision making in the recruitment process,” he adds.

The software integrates with a number of enterprise Human Capital Management suites at this point, including SAP SuccessFactors, Workday, Oracle (formerly Taleo), Avature and Smartrecruiters.

The seed round follows what Dudler couches as “a huge increase in demand” — with the team spying an opportunity for further growth.

“We’ll be investing in product development and tripling our headcount in the next 12 months. Specifically, we are looking to recruit a VP of marketing,” he tells us.

Chatbots still strike many consumers as robotic — and even irritating — but the technology has nonetheless been flourishing in the customer support and recruitment space for several years now. Business areas where there’s no shortage of repetitive tasks for automating. And where being able to offer some level of service 24/7 is a major plus.

On the hiring front, the power imbalance between employer and job applicant might even make interfacing with a bot more appealing for a candidate than the pressure of talking to an actual human who already works at the target employer.

For certain types of jobs employee churn can also be incredibly high — making hiring essentially a neverending task. Again, chatbots are a natural fit in such a scenario; being scalable, they take the strain out of repeat and formulaic conversations — with the promise of a smooth pipeline of candidate conversions.

Given all that there’s now no shortage of recruitment chatbots touting automated support for HR departments. At the same time there’s unlikely to ever be a one-size fits all approach to the hiring problem. It’s a multifaceted, multi-dimensional challenge on account of the spectrum of work that exists and jobs to be filled, and indeed the human variety of jobseekers.

This is why there are so many different ‘flavors’ and ‘styles’ of chatbots offering to assist, some with algorithmic matching, and/or targeting different types of employers and/or jobs/industry (or indeed jobseekers; passive vs active) — others just super basic tools (such as the Jobo bot which alerts jobseekers to vacancies matching criteria they’ve specified).

Some more sophisticated chatbot examples include MeetFrank (passive job matching); Mya (for recruiting agencies and massive enterprises, including for shift filling); Vahan (low skilled, blue-collar job-matching for high attrition delivery jobs); and AllyO (conversational AI for “end-to-end HR management”).

While a few recruitment chatbots that are closer to what Jobpal is offering include the likes of IdealBrazen and Xor, to name three.

With so much chatbot competition pledging to ‘streamline recruitment’ by applying automation to the hiring task, employers might be forgiven for thinking they have a fresh choice headache on their hands.

But for startups applying AI technology to ‘fix recruitment’ by making talk cheap (and structured), the patchwork of players and approaches still in play suggests there’s ongoing opportunity to grab a slice of a truly massive market. 

APIs are the next big SaaS wave

While the software revolution started out slowly, over the past few years it’s exploded and the fastest-growing segment to-date has been the shift towards software as a service or SaaS.

SaaS has dramatically lowered the intrinsic total cost of ownership for adopting software, solved scaling challenges and taken away the burden of issues with local hardware. In short, it has allowed a business to focus primarily on just that — its business — while simultaneously reducing the burden of IT operations.

Today, SaaS adoption is increasingly ubiquitous. According to IDG’s 2018 Cloud Computing Survey, 73% of organizations have at least one application or a portion of their computing infrastructure already in the cloud. While this software explosion has created a whole range of downstream impacts, it has also caused software developers to become more and more valuable.

The increasing value of developers has meant that, like traditional SaaS buyers before them, they also better intuit the value of their time and increasingly prefer businesses that can help alleviate the hassles of procurement, integration, management, and operations. Developer needs to address those hassles are specialized.

They are looking to deeply integrate products into their own applications and to do so, they need access to an Application Programming Interface, or API. Best practices for API onboarding include technical documentation, examples, and sandbox environments to test.

APIs tend to also offer metered billing upfront. For these and other reasons, APIs are a distinct subset of SaaS.

For fast-moving developers building on a global-scale, APIs are no longer a stop-gap to the future—they’re a critical part of their strategy. Why would you dedicate precious resources to recreating something in-house that’s done better elsewhere when you can instead focus your efforts on creating a differentiated product?

Thanks to this mindset shift, APIs are on track to create another SaaS-sized impact across all industries and at a much faster pace. By exposing often complex services as simplified code, API-first products are far more extensible, easier for customers to integrate into, and have the ability to foster a greater community around potential use cases.

Screen Shot 2019 09 06 at 10.40.51 AM

Graphics courtesy of Accel

Billion-dollar businesses building APIs

Whether you realize it or not, chances are that your favorite consumer and enterprise apps—Uber, Airbnb, PayPal, and countless more—have a number of third-party APIs and developer services running in the background. Just like most modern enterprises have invested in SaaS technologies for all the above reasons, many of today’s multi-billion dollar companies have built their businesses on the backs of these scalable developer services that let them abstract everything from SMS and email to payments, location-based data, search and more.

Simultaneously, the entrepreneurs behind these API-first companies like Twilio, Segment, Scale and many others are building sustainable, independent—and big—businesses.

Valued today at over $22 billion, Stripe is the biggest independent API-first company. Stripe took off because of its initial laser-focus on the developer experience setting up and taking payments. It was even initially known as /dev/payments!

Stripe spent extra time building the right, idiomatic SDKs for each language platform and beautiful documentation. But it wasn’t just those things, they rebuilt an entire business process around being API-first.

Companies using Stripe didn’t need to fill out a PDF and set up a separate merchant account before getting started. Once sign-up was complete, users could immediately test the API with a sandbox and integrate it directly into their application. Even pricing was different.

Stripe chose to simplify pricing dramatically by starting with a single, simple price for all cards and not breaking out cards by type even though the costs for AmEx cards versus Visa can differ. Stripe also did away with a monthly minimum fee that competitors had.

Many competitors used the monthly minimum to offset the high cost of support for new customers who weren’t necessarily processing payments yet. Stripe flipped that on its head. Developers integrate Stripe earlier than they integrated payments before, and while it costs Stripe a lot in setup and support costs, it pays off in brand and loyalty.

Checkr is another excellent example of an API-first company vastly simplifying a massive yet slow-moving industry. Very little had changed over the last few decades in how businesses ran background checks on their employees and contractors, involving manual paperwork and the help of 3rd party services that spent days verifying an individual.

Checkr’s API gives companies immediate access to a variety of disparate verification sources and allows these companies to plug Checkr into their existing on-boarding and HR workflows. It’s used today by more than 10,000 businesses including Uber, Instacart, Zenefits and more.

Like Checkr and Stripe, Plaid provides a similar value prop to applications in need of banking data and connections, abstracting away banking relationships and complexities brought upon by a lack of tech in a category dominated by hundred-year-old banks. Plaid has shown an incredible ramp these past three years, from closing a $12 million Series A in 2015 to reaching a valuation over $2.5 billion this year.

Today the company is fueling an entire generation of financial applications, all on the back of their well-built API.

Screen Shot 2019 09 06 at 10.41.02 AM

Graphics courtesy of Accel

Then and now

Accel’s first API investment was in Braintree, a mobile and web payment systems for e-commerce companies, in 2011. Braintree eventually sold to, and became an integral part of, PayPal as it spun out from eBay and grew to be worth more than $100 billion. Unsurprisingly, it was shortly thereafter that our team decided to it was time to go big on the category. By the end of 2014 we had led the Series As in Segment and Checkr and followed those investments with our first APX conference in 2015.

Plaid, Segment, Auth0, and Checkr had only raised Seed or Series A financings! And we are even more excited and bullish on the space. To convey just how much API-first businesses have grown in such a short period of time, we thought it would be useful perspective to share some metrics over the past five years, which we’ve broken out in the two visuals included above in this article.

While SaaS may have pioneered the idea that the best way to do business isn’t to actually build everything in-house, today we’re seeing APIs amplify this theme. At Accel, we firmly believe that APIs are the next big SaaS wave — having as much if not more impact as its predecessor thanks to developers at today’s fastest-growing startups and their preference for API-first products. We’ve actively continued to invest in the space (in companies like, Scale, mentioned above).

And much like how a robust ecosystem developed around SaaS, we believe that one will continue to develop around APIs. Given the amount of progress that has happened in just a few short years, Accel is hosting our second APX conference to once again bring together this remarkable community and continue to facilitate discussion and innovation.

Screen Shot 2019 09 06 at 10.41.10 AM

Graphics courtesy of Accel

How should B2B startups think about growth? Not like B2C

Over the years, we’ve seen a lot of B2B companies apply ineffective demand generation strategies to their startup. If you’re a B2B founder trying to grow your business, this guide is for you.

Rule #1: B2B is not B2C. We are often dealing with considered purchases, multiple stakeholders, long decision cycles, and massive LTVs. These unique attributes matter when developing a growth strategy. We’ll share B2B best practices we’ve employed while working with awesome B2B companies like Zenefits, Crunchbase, Segment, OnDeck, Yelp, Kabbage, Farmers Business Network, and many more. Topics covered include:

  • Descriptions of growth stages you can use to determine your company’s status
  • Tactics for each stage with specific examples
  • Which advertising channels work best
  • Optimization of your ad copy to maximize CTR and conversions
  • Optimization of your sales funnel
  • Measuring the ROI of your advertising spend

We often crack growth for companies that didn’t think it was possible, based on their prior experience with agencies and/or internal resources. There are many misconceptions out there about B2B growth, rooted in the misapplication of B2C strategies and leading to poor performance. Study the differences and you’ll develop a filter for all the advice you get that’s good for one context (ex: B2C) but bad for another (ex: B2B). This guide will get you off on the right foot.

Table of Contents

What growth stage is your B2B startup?

The best growth strategy for your company ultimately depends on whether you’re in an incubation, iteration, or scale stage. One of the most common mistakes we see is a company acting like they’re in the scale phase when they’re actually in the iteration phase. As a result, many of them end up developing inefficient growth strategies that lead to exorbitant monthly ad spends, extraneous acquisition channels, hiring (and later firing) ineffective team members, and de-emphasizing critical customer feedback. There is often an intense pressure to grow, but believing your own hype before it’s real can kill early-stage ventures. Here’s a breakdown of each stage:

designer key details 22

Incubation is when you are building your minimum viable product (MVP). This should be done in close partnership with potential customers to ensure you are solving a real problem with a credible solution. Typically a founder is a voice of the customer, as someone who experienced the problem and sought out the solution s/he is now building. Other times, founders enter a new space and build a panel of prospective buyers to participate in the product development process. The endpoint of this phase is a working MVP.

Iteration is when you have customers using your MVP and you are rapidly improving the product. Success at this stage is rooted in customer insights – both qualitative and quantitative – not marketing excellence. It’s valuable to include in this iterative process customers with whom the founder(s) have no prior relationship. You want to test the product’s appeal, not friends’ willingness to help you out. We want a customer set that is an accurate sample of a much larger population you will later sell to. The endpoint of the iteration phase is product/market fit.

Scale is when you have product/market fit and are trying to grow your customer base. The goal of this phase is to build a portfolio of tactics that maximize market penetration with minimal – or at least profitable – cost. Success is rooted in growing lifetime value through retention and margin, maximizing funnel conversion to efficiently convert leads to customers, and finding repeatable tactics to drive prospective buyers’ awareness and consideration of your product. The endpoint of this phase is ultimately market saturation, leading to the incubation and iteration of new features, customer segments, and geographies.

How do you find B2B customers? 

Here’s a list of B2B customer acquisition tactics we commonly employ and recommend. Later in this article, we’ll connect each channel to the growth stage it’s best used in. This list is generally sorted by early stage to later stage:

1. Leveraging your network. This is particularly valuable for founders who are building a product based on their own past experience.

  • Reach out to old colleagues you know have the same problem you had (and are solving).
  • Leverage the startup ecosystem. If your startup is in YCombinator, for instance, other companies in your batch may be prospects, along with alumni who will take your call simply because of your affiliation.
  • Example: If you’re building an app for marketers, ask past marketing colleagues you’ve worked with to try out your product is a no brainer.

Twilio launches SendGrid Ads and new cross-channel messaging API

At its annual Signal developer conference, Twilio today announced a couple of new features for developers on its core messaging platform and users of its recently acquired SendGrid email service. The new Twilio tools now allow developers to create multi-channel messaging tools and to get real-time streams of conversations in order to run them through transcription services, a translation tool or other machine learning models.

The company’s $3 billion acquisition of SendGrid closed less than half a year ago, so it doesn’t come as a surprise that Twilio would use its biggest event of the year to showcase the service to its developer community.

It’s a bit of an odd one, though. See, SendGrid already announced the beta of SendGrid Ads back in November 2018. As best as I can tell, Twilio SendGrid Ads, which is now launching in beta, is the same product, but a Twilio representative tells me that the ads product is now more deeply integrated into SendGrid Marketing Campaigns, and also got a bit of a redesign. A form of this integration already existed in the previous version, though.

The general idea here is to allow SendGrid users to run multichannel display ad campaigns on Facebook, Instagram and Google from their SendGrid accounts. The advantage of this, the company argues, is that marketers will be able to use data from their email campaigns and website data to then retarget users on other channels. Similarly, they can use lead ads on Facebook to get potential customers to sign up for their SendGrid mailing list.

SendGrid Ads will cost $50 per month, plus the cost of the ads. SendGrid will also take its own cut of 5% of any media cost over $500.

Screen Shot 2018 11 13 at 8.52.55 AM 960x656

The new developer tools are pretty straightforward. Twilio Conversations, now in public beta, is a new API that allows developers to create solutions that integrate various messaging channels like SMS, WhatsApp and other chat tools.

“Over the last two decades, we’ve watched businesses evolve their communications with customers from the phone call, to website chat, to native mobile apps,” said Chee Chew, chief product officer at Twilio. “Leading companies have figured out that the next evolution of great customer experience is through messaging. Twilio Conversations empowers businesses to build personal, long-lived connections with their customers on the channels they prefer.”

Twilio Media Streams does exactly what it promises to do. Previously, you could get a recording to a call. Now, you can tap into the real-time call to analyze that stream in real time. That’s useful for all kinds of AI tools that aim to help call center agents, for example. This service is now also in public beta and will cost $0.004 per minute, in addition to the rest of the fees associated with the call.

Google’s Titan security keys come to Japan, Canada, France and the UK

Google today announced that its Titan Security Key kits are now available in Canada, France, Japan and the UK. Until now, these keys, which come in a kit with a Bluetooth key and a standard USB-A dongle, were only available in the U.S.

The keys provide an extra layer of security on top of your regular login credentials. They provide a second authentication factor to keep your account safe and replace more low-tech two-factor authentication systems like authentication apps or SMS messages. When you use those methods, you still have to type the code into a form, after all. That’s all good and well until you end up on a well-designed phishing page. Then, somebody could easily intercept your code and quickly reuse it to breach your account — and getting a second factor over SMS isn’t exactly a great idea to begin with, but that’s a different story.

Authentication keys use a number of cryptographic techniques to ensure that you are on a legitimate site and aren’t being phished. All of this, of course, only works on sites that support hardware security keys, though that number continues to grow.

The launch of Google’s Titan keys came as a bit of a surprise, given that Google had long had a good relationship with Yubico and previously provided all of its employees with that company’s keys. The original batch of keys also featured a security bug in the Bluetooth key. That bug was hard to exploit, but nonetheless, Google offered free replacements to all Titan Key owners.

In the U.S., the Titan Key kit sells for $50. In Canada, it’ll go for $65 CAD. In France, it’ll be €55, while in the UK it’ll retail for £50 and in Japan for ¥6,000. Free delivery is included.

 

Africa’s ride-hail markets are hot spots for startups and VC

When it comes to VC, vehicles, and startups, Africa’s ride-hail markets are becoming a multi-wheeled and global affair.

The big players such as Uber and Bolt are competing in Kampala and Nairobi—where in addition to car-service—they offer rickshaw taxis. On-demand motorcycle startups are multiplying and piloting EVs with funds from international partners. And many ride-hail companies in Africa are adapting unique product solutions to local transit needs.

In this analysis, I take a look at the leading startups in the mobility space and how the future of transportation on the continent will increasingly come from new entrants.

Africa’s in the midst of digital innovation boom

Africa’s in the midst of digital innovation boom, the components of which are intersecting rapidly across its 54 countries and 1.2 billion people.

Smartphone penetration is improving and in 2017, the continent saw the largest global increase in internet users—20 percent.

By Partech data, the continent surpassed the $1 billion VC mark in 2018. And greater connectivity and venture funding are fueling thousands of startups in every imaginable sector, including digital-transit.

While reliable markets stats for the size and potential of Africa’s ride-hail markets are sparse, there are some indicators of the sector’s potential.

Car ownership and cars per capita in Africa is among the lowest in the world. Parallel to that, any eyes and ears survey of the continent’s big cities reveals that shared transport by buses, cars, or motorcycles is big business that’s already ingrained in consumer culture. Millions of people daily pay fares to pack onto East and West Africa’s Mutatu and Danfo minibuses and Okada and Boda Boda motorbike taxis.

As Africa continues to urbanize, converts to smartphones, and discretionary consumer spending continues to rise—it all adds up to suggest strong potential for conversion to on-demand mobility services.

Unsurprisingly, the most active markets for ride-hail startups and investment in Africa align with the continent’s top spots for VC and tech activity: primarily Nigeria, Kenya, and South Africa.

Fitness startup Mirror nears $300M valuation with fresh funding

Today, Peloton is a bonafide success. The company, which sells $2,245 internet-connected exercise bikes, boasts a $4 billion valuation and a cult following.

That hasn’t always been the case. For years, Peloton battled for venture capital investment and struggled to attract buyers. Now that it’s proven the market for tech-enabled home exercise equipment and affiliated subscription products, a whole bunch of startups are chasing down the same customer segment.

Mirror, a New York-based company that sells $1,495 full-length mirrors that double as interactive home gyms, is closing in a round of funding expected to reach $36 million, sources and Delaware stock filings confirm, at a valuation just under $300 million. It’s unclear who has signed on to lead the round; we’ve heard a number of high-profile firms looked at Mirror’s books and passed. The company has previously raised a total of $38 million from Spark Capital, First Round Capital, Lerer Hippeau, BoxGroup and more.

Mirror declined to comment for this story.

Like Peloton, Mirror is sold for a hefty fee with a subscription to the service’s unlimited live and on-demand workouts that comes at an additional cost. The company hasn’t disclosed subscriber numbers, though The New York Times reported in February the business was selling $1 million worth of Mirrors — or some 650 units — per month.

The company has not only benefited from the Peloton effect, but also from a near-immediate interest from celebrities and influencers in its product. Kate Hudson, Alicia Keys, Reese Witherspoon, Jennifer Aniston and Gwyneth Paltrow are among the many celebrities to have publicly boasted about Mirror, undoubtedly boosting sales for the up-and-coming startup.

Venture capitalists were quick to show support for Mirror, too; in fact, the business attracted money at a $200 million valuation prior to launching its first product. Mirror began selling its sleek equipment, dubbed by The New York Times as “The Most Narcissistic Exercise Equipment Ever,” in September.

SAN FRANCISCO, CA – SEPTEMBER 06: Mirror Founder and CEO Brynn Putnam (L) and moderator Lucas Matney speak onstage during Day 2 of TechCrunch Disrupt SF 2018 at Moscone Center on September 6, 2018, in San Francisco, California. (Photo by Steve Jennings/Getty Images for TechCrunch)

The round comes amid a distinct boom in funding for fitness-related startups evidenced not only by Peloton’s mammoth valuation and hyped-over initial public offering expected soon but by the rapid uptick in small upstarts looking to capitalize on rising interest in fitness apps and equipment. In total, VCs bet some $2 billion on U.S. fitness startups in 2018, a record amount of funding for the space. So far this year, nearly $500 million has been allocated to the growing sector, per PitchBook, as entrepreneurs strive to bring the gym into the home.

Tonal, which sells personal exercise equipment that combines on-demand training with smart features, is among a small class of venture-backed fitness companies to have accumulated a large following. The company has raised $91.7 million in equity funding at a valuation of $185 million, according to PitchBook, from investors including L Catterton, Shasta Ventures, Mayfield and Sapphire Sport.

When it comes to early-stage efforts, there’s no shortage of recent fundraises. Last week, Livekick, which gives customers access to one-on-one personal training and yoga from their home, closed a $3 million seed round led by Firstime VC. Two weeks ago, fitness startup Future secured an $8.5 million round led by Kleiner Perkins’ Mamoon Hamid. For a $150 monthly fee, Future assigns personalized workout plans and a coach who tracks customers’ fitness activity through an Apple Watch. To keep users committed to their workout regimens, Future sends daily text messages with motivational feedback.

The AI-based personal training company Aaptiv, Plankk, which sells live fitness lessons led by Instagram stars, and audio coaching app Eastnine, have also recently launched.

Mirror was founded in late 2016 by Brynn Putnam, an entrepreneur behind Refine Method, a chain of boutique fitness studios located in New York. The former professional dancer spoke to TechCrunch’s Lucas Matney at Disrupt San Francisco in September about the future of the business.

“[We want] to enhance the human touch rather than to replace it,” Putnam said. “Our goal is not to be the next treadmill in your life, our goal is to be the next screen in your home,” Putnam said.

Ultimately, Putnam added, Mirror plans to scale beyond fitness content with potential extensions including physical therapy, fashion, beauty and education.

“We have the ability to create personalized premium content across a wide range of verticals, with fitness being our first vertical,” Putnam said.

Startups net more than capital with NBA players as investors

If you’re a big basketball fan like me, you’ll be glued to the TV watching the Golden State Warriors take on the Toronto Raptors in the NBA finals. (You might be surprised who I’m rooting for.)

In honor of the big games, we took a shot at breaking down investment activities of the players off the court. Last fall, we did a story highlighting some of the sport’s more prolific investors. In this piece, we’ll take a deeper dive into just what having an NBA player as a backer can do for a startup beyond the capital involved. But first, here’s a chart of some startups funded by NBA players, both former and current.

 

In February, we covered how digital sports media startup Overtime had raised $23 million in a Series B round of funding led by Spark Capital. Former NBA Commissioner David Stern was an early investor and advisor in the company (putting money in the company’s seed round). Golden State Warriors player Kevin Durant invested as part of the company’s Series A in early 2018 via his busy investment vehicle, Thirty Five Ventures. And then, Carmelo Anthony invested (via his Melo7 Tech II fund) earlier this year. Other NBA-related investors include Baron DavisAndre Iguodala and Victor Oladipo, and other non-NBA backers include Andreessen Horowitz and Greycroft.

I talked to Overtime’s CEO, 27-year-old Zack Weiner, about how the involvement of so many NBA players came about. I also wondered what they brought to the table beyond their cash. But before we get there, let me explain a little more about what Overtime does.

Founded in late 2016 by Dan Porter and Weiner, the Brooklyn company has raised a total of $35.3 million. The pair founded the company after observing “how larger, legacy media companies, such as ESPN, were struggling” with attracting the younger viewer who was tuning into the TV less and less “and consuming sports in a fundamentally different way.”

So they created Overtime, which features about 25 to 30 sports-related shows across several platforms (which include YouTube, Snapchat, Instagram, Facebook, TikTok, Twitter and Twitch) aimed at millennials and the Gen Z generation. Weiner estimates the company’s programs get more than 600 million video views every month.

In terms of attracting NBA investors, Weiner told me each situation was a little different, but with one common theme: “All of them were fans of Overtime before we even met them…They saw what we were doing as the new wave of sports media and wanted to get involved. We didn’t have to have 10 meetings for them to understand what we were doing. This is the world they live and breathe.”

So how is having NBA players as investors helping the company grow? Well, for one, they can open a lot of doors, noted Weiner.

“NBA players are very powerful people and investors,” he said. “They’ve helped us make connections in music, fashion and all things tangential to sports. Some have created content with us.”

In addition, their social clout has helped with exposure. Their posting or commenting on Instagram gives the company credibility, Weiner said.

“Also just, in general, getting their perspectives and opinions,” he added. “A lot of our content is based on working with athletes, so they understand what athletes want and are interested in being a part of.”

It’s not just sports-related startups that are attracting the interest of NBA players. I also talked with Hussein Fazal, the CEO of SnapTravel, which recently closed a $21.2 million Series A that included participation from Telstra Ventures and Golden State Warriors point guard Stephen Curry.

Founded in 2016, Toronto-based SnapTravel offers online hotel booking services over SMS, Facebook Messenger, Alexa, Google Home and Slack. It’s driven more than $100 million in sales, according to Fazal, and is seeing its revenue grow about 35% quarter over quarter.

Like Weiner, Fazal told me that Curry’s being active on social media about SnapTravel helped draw positive attention and “add a lot of legitimacy” to his company.

“If you’re an end-consumer about to spend $1,000 on a hotel booking, you might be a little hesitant about trusting a newer brand like ours,” he said. “But if they go to our home page and see our investors, that holds some weight in the eyes of the public, and helps show we’re not a fly-by-night company.”

Another way Curry’s involvement has helped SnapTravel is in terms of the recruitment and retainment of employees. Curry once spent hours at the office, meeting with employees and doing a Q&A.

“It was really cool,” Fazal said. “And it helps us stand out from other startups when hiring.”

Regardless of who wins the series, it’s clear that startups with NBA investors on their team have a competitive advantage. (Still, Go Raptors!)

Flipboard hacks prompt password resets for millions of users

Social sharing site and news aggregator Flipboard has reset millions of user passwords after hackers gained access to its systems several times over a nine-month period

The company confirmed in a notice Tuesday that the hacks took place between June 2, 2018 and March 23, 2019 and a second time on April 21-22, 2019, but the intrusions were only detected a day later on April 23.

Hackers stole usernames, email addresses, passwords and account tokens for third-party services. According to the notice, “not all” Flipboard users’ account data were involved in the breaches but the company declined to say how many users were affected.

Flipboard has more than 150 million monthly users.

“We’re still identifying the accounts involved and as a precaution, we reset all users’ passwords and replaced or deleted all digital tokens,” the notice read.

Although the passwords were unreadable, Flipboard said passwords prior to March 14, 2012 were scrambled using the older, weak hashing SHA-1 algorithm.. Any passwords changed after are scrambled using a much stronger algorithm that makes it far more difficult to reveal in a usable format.

The hacks also exposed account tokens, which gives Flipboard access to data from accounts on other services, like Facebook, Google, and Samsung.

“We have not found any evidence the unauthorized person accessed third-party account(s) connected to users’ Flipboard accounts,” said the statement. “As a precaution, we have replaced or deleted all digital tokens.”

Flipboard becomes the latest tech giant to be hit by hackers in recent months. Developer platform Stack Overflow earlier this month confirmed a breach involved some user data. Canva, one of the biggest sites on the internet, was also hacked. Last week, the Australia-based company admitted close to 140 million users had data stolen following the breach.

Read more: