Details On How Revolut's Payment System Got Hacked

Uploaded on 2023-07-19 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial, TECHNOLOGY--Hackers

In September 2022, the online bank Revolut was hit by a data breach where a third party gained unauthorised access to the company's database, compromising the personal information of thousands of users. According to the breach disclosure made to the State Data Protection Inspectorate in Lithuania, where Revolut holds a banking licence, a total of 50,150 customers worldwide were affected by the breach.

The issue was initially identified in late 2021, but before it could be resolved, cyber criminals exploited the vulnerability, resulting in the theft of approximately $23 million from the company's money.

Hackers identified differences between European and US payment systems and the hackers have exploited an unknown flaw in Revolut's payment systems to steal millions of the company's funds. It now emerges that the attack stemmed from problems connecting Revolut's US and European systems, causing some funds to be wrongly refunded using its own money when some transactions were declined.

The differences between Revolut's American and European systems meant that certain transactions were being rejected and then mistakenly refunded. This problem was discovered in late 2021, but before it could be closed  organized criminal groups leveraged the loophole by "encouraging individuals to try to make expensive purchases that would go on to be declined." The refunded amounts would then be withdrawn from ATMs.

Some of the money has been recovered by pursuing those who had withdrawn cash, but the mass fraud scheme is understood to have resulted in a net loss of about $20 million.

The disclosure comes after Interpol said the arrest of a suspected senior member of a French-speaking hacking crew known as OPERA1ER, which has been linked to attacks aimed at financial institutions and mobile banking services with malware, phishing campaigns, and large-scale Business Email Compromise (BEC) scams.

“Over the last four years, a highly-organised criminal organisation has targeted financial institutions and mobile banking services with malware, phishing campaigns and large-scale Business Email Compromise (BEC) scams,” says Interpol.

In an email sent to the affected customers, Revolut reassurreassured them that the hackers did not gain access to any card data, PINs or passwords. However, the company acknowledged that the attackers may have obtained customer information such as names, addresses, email addresses, dates of birth and phone numbers.

Interpol:     FT:     Computing:    Finance Magnates:    Hacker News:   KNews

You Might Also Read: 

Digital Banking & Cyber Crime:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

 

Cyber Security Intelligence: Captured Organised & Accessible

 

« The Most Used Malware In H1 2023
RomCom Hackers Target NATO Summit »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Nethemba

Nethemba

Nethemba provide pentesting and security audits for networks and web applications. Other services include digital forensics, training and consultancy.

PRODAFT

PRODAFT

PRODAFT, Proactive Defense Against Future Threats, is a cyber security and cyber intelligence company providing solutions to commercial customers and government institutions.

IAC

IAC

IAC is a specialist Irecruitment consultancy covering Internal Audit, Risk, Controls, Governance, IT Audit, and Cyber Security roles.

Harel Mallac Technologies

Harel Mallac Technologies

Harel Mallac Technologies is a Mauritian organisation that has developed a strong network of ICT specialists with nodes across the African continent.

CybExer Technologies

CybExer Technologies

CybExer provide an on-premise, easily deployable solution for complex technical cyber security exercises based on experience in military grade ranges.

Ecubel

Ecubel

Ecubel is the market leader in Belgium in buying and selling used IT harware guaranteed by a certified data erasure.

Digital Identification & Authentication Council of Canada (DIACC)

Digital Identification & Authentication Council of Canada (DIACC)

DIACC is a non-profit coalition of public and private sector leaders committed to developing a Canadian framework for digital identification and authentication.

SEMNet

SEMNet

SEMNet is an IT solutions provider and an infrastructure and security consulting firm.

HiddenLayer

HiddenLayer

HiddenLayer is a provider of security solutions for machine learning algorithms, models and the data that power them.

Federal Bureau of Investigation (FBI) - USA

Federal Bureau of Investigation (FBI) - USA

The mission of the FBI is to protect and defend against intelligence threats, uphold and enforce criminal laws, and provide criminal justice services.

Imprivata

Imprivata

Imprivata is the digital identity company for life- and mission-critical industries, redefining how organizations solve complex workflow, security, and compliance challenges.

Hook Security

Hook Security

Setting a new standard in security awareness. Hook Security is a people-first company that uses psychological security training to help companies create security-aware culture.

Infisign

Infisign

Infisign addresses the challenges of traditional IAM systems and offers a comprehensive solution for modern identity management.

TrafficGuard

TrafficGuard

TrafficGuard is an award-winning digital ad verification and fraud prevention platform.

Smartcomply

Smartcomply

Smartcomply is an automated and AI-powered cybersecurity and compliance platform that aids businesses in reducing the time and money spent on cybersecurity and compliance.

Modat

Modat

Modat is an AI-powered, research-driven company focused on developing products and services that enable cybersecurity professionals to outpace adversaries.