That’s exactly what happened to Sydney tech start-up Qnect, a payments and ticketing platform for university students to organise social events. Last May, its users began receiving threatening text messages from a hacking group calling itself RavenCrew.

“Your data will be published online unless Qnect pays bitcoin,” the messages said, urging the recipient to email the company’s co-founder and chief technology officer to ask them to pay the ransom.

A number of student groups including the University of Sydney Law Society posted warnings to their members. Qnect alerted the Australian Federal Police and scrambled to contain the fallout.

“I can confirm that this person does not have any financial information, and all card information is stored with third-party payments processor Stripe,” Qnect co-founder Daniel Liang said in an email to customers.

“Please ignore this person, as they are currently just harassing our community. If they have texted you the maximum they will have is your name, email, phone number to text you on.”

He later explained that a staff member had fallen victim to a phishing email.

“We have come to reason based on the activity logs of all our systems that this person has not hacked our systems, but rather, used a phishing scam to get remote access of a key employee’s computer, and then going through systems thereafter,” he wrote.

“I encourage everyone during this time to ignore this guy, and just be weary (sic) not to open links from SMS or email you don’t know who they are from — it’s a pretty deadly word out there on the internet right now.”

More than a year later, Qnect has shrugged off the hack attack, launching in Hong Kong and Singapore, closing a $3.4 million funding round and changing its name to Get. The app now has 220,000 members and about 2000 merchants in Australia.

While declining to give a valuation, Mr Liang said Qnect had processed $US6 million ($A8.4 million) in payments since launching in 2016. At a 3 per cent fee plus 50 cents for every item, that would indicate revenue of around $250,000.

Mr Liang said it was “difficult to say” whether Qnect had lost users or merchants as a result of the attack.

“I mean obviously it creates alarm. The media did blow it up much more than it really was,” he said. “When you’re talking about students’ data and payments, it’s a sensitive thing. We always kept our community up to date, we were very transparent and very clear with them.”

It had earlier been suggested the customer data had been stolen through a security hole pointed out on Twitter. Student Tommaso Armstrong showed that entering a phone number in the Qnect form would reveal the user’s email and first name.

Mr Liang said that wasn’t correct, and that the flaw only revealed the user’s first name. “If you put your email in Facebook and try to log in and forget your password, it will bring up your profile picture,” he said.

The 23-year-old, who graduated from UNSW this year with a degree in finance and accounting, said growing quickly meant there were “things start-ups forget in the early days”.

“You have to expect challenges on a day-to-day basis,” he said. “Starting a company from zero, trying to create something, you just expect challenges you fix, whether it’s a team member, security, product problems, a market issue, competitors, all these things.”

Asked whether the name change was to distance the business from the hack, Mr Liang said: “We knew it was going to benefit it but that wasn’t the initiator (of the decision).

“We know we have a great product and we’ve done well with the name Qnect, but there was unseen potential that could be there if we had an easier name,” he said.

He wants Get to become the “de facto payment platform” for the tertiary sector.

“There’s a merchant network which is untapped, which is student clubs, organisations, student unions — they didn’t have a tool made for them,” he said. “It solves the need for a mishmash of ticketing tools, Google forms, bank transfers, accounting systems, mailing systems.”

Get also has a social feed where users can see their friends’ purchases, although it’s set to private by default.

“Millennial purchasing habits are highly influenced,” Mr Liang said. “It’s a feed where you can see where your friends have paid and that ultimately drives exposure and social validation (for the merchants).”

Further down the track, he believes there is potential to retain users post-university.

“Because we’re built like a social network, if students are graduating and joining the workforce, they’re graduating with their friends as well, so we can leverage that framework. We’re working on that at the moment.”

The latest funding round was led by Vertex Ventures and Click Ventures, an early backer of Spotify.

“More and more selling will be automated and moved to mobile,” Click Ventures managing partner Carman Chan said in a statement.

“The social element of Get’s model is the missing piece of the current offline to online selling model. We believe start-ups need to be able to execute but also be nimble enough to pivot when the opportunity arises, and the Get team definitely demonstrates these qualities, which will see it grow quickly.”

frank.chung@news.com.au