Details On How Revolut's Payment System Got Hacked

Uploaded on 2023-07-19 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial, TECHNOLOGY--Hackers

In September 2022, the online bank Revolut was hit by a data breach where a third party gained unauthorised access to the company's database, compromising the personal information of thousands of users. According to the breach disclosure made to the State Data Protection Inspectorate in Lithuania, where Revolut holds a banking licence, a total of 50,150 customers worldwide were affected by the breach.

The issue was initially identified in late 2021, but before it could be resolved, cyber criminals exploited the vulnerability, resulting in the theft of approximately $23 million from the company's money.

Hackers identified differences between European and US payment systems and the hackers have exploited an unknown flaw in Revolut's payment systems to steal millions of the company's funds. It now emerges that the attack stemmed from problems connecting Revolut's US and European systems, causing some funds to be wrongly refunded using its own money when some transactions were declined.

The differences between Revolut's American and European systems meant that certain transactions were being rejected and then mistakenly refunded. This problem was discovered in late 2021, but before it could be closed  organized criminal groups leveraged the loophole by "encouraging individuals to try to make expensive purchases that would go on to be declined." The refunded amounts would then be withdrawn from ATMs.

Some of the money has been recovered by pursuing those who had withdrawn cash, but the mass fraud scheme is understood to have resulted in a net loss of about $20 million.

The disclosure comes after Interpol said the arrest of a suspected senior member of a French-speaking hacking crew known as OPERA1ER, which has been linked to attacks aimed at financial institutions and mobile banking services with malware, phishing campaigns, and large-scale Business Email Compromise (BEC) scams.

“Over the last four years, a highly-organised criminal organisation has targeted financial institutions and mobile banking services with malware, phishing campaigns and large-scale Business Email Compromise (BEC) scams,” says Interpol.

In an email sent to the affected customers, Revolut reassurreassured them that the hackers did not gain access to any card data, PINs or passwords. However, the company acknowledged that the attackers may have obtained customer information such as names, addresses, email addresses, dates of birth and phone numbers.

Interpol:     FT:     Computing:    Finance Magnates:    Hacker News:   KNews

You Might Also Read: 

Digital Banking & Cyber Crime:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

 

Cyber Security Intelligence: Captured Organised & Accessible

 

« The Most Used Malware In H1 2023
RomCom Hackers Target NATO Summit »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Paramount Computer Systems

Paramount Computer Systems

Paramount is a regional leader in the Middle East for cybersecurity solutions and consulting services.

Gatewatcher

Gatewatcher

Gatewatcher is a digital breach detection platform targeting crafted attacks and protecting organizations against advanced cyber threats.

Norwegian Information Security laboratory (NISlab)

Norwegian Information Security laboratory (NISlab)

NISlab conducts international competitive research in information and cyber security and operates study programs in this area.

Radiflow

Radiflow

Radiflow is a leading provider of cyber security solutions for critical infrastructure networks (i.e. SCADA), such as power utilities, oil & gas, water and others.

SecureKey Technologies

SecureKey Technologies

SecureKey is a leading identity and authentication provider that simplifies consumer access to online services and applications.

ClearBlade

ClearBlade

ClearBlade is the Edge Computing software company enabling enterprises to rapidly engineer and run secure, real-time, scalable IoT applications.

Telelogos

Telelogos

Telelogos is a European provider of Enterprise Mobility Management software, Digital Signage software and Data Transfer and Synchronization software.

ReliaQuest

ReliaQuest

ReliaQuest’s GreyMatter solution connects existing technology, people, and process – then equips security teams with unified, actionable insights across their entire environment.

US Secret Service

US Secret Service

The US Secret Service has a pivotal role in securing the nation’s critical infrastructures, specifically in the areas of cyber, banking and finance.

ArmorText

ArmorText

ArmorText offers a seamless channel for communication and collaboration for organizations concerned with keeping communication data private and secure.

Brighterion

Brighterion

Brighterion solutions stop payment and acquirer fraud, reduce credit risk and delinquency, fight financial crime, prevent healthcare fraud, waste and abuse, and more.

Tactical Network Systems (TNS)

Tactical Network Systems (TNS)

Tactical Network Solutions helps you discover hidden attack vectors in IoT and connected devices before someone else does.

Binare

Binare

Binare empowers companies all over the world to improve their IIot/IoT /Embedded cybersecurity posture and digital privacy.

Prism Infosec

Prism Infosec

Prism Infosec is an award-winning independent cyber security consultancy, CREST STAR, NCSC CHECK member, CAA ASSURE audit provider and PCI Qualified Security Assessor.

Nagios

Nagios

Nagios is a powerful tool that provides you with instant awareness of your organization’s mission-critical IT infrastructure.

UltraViolet Cyber

UltraViolet Cyber

UltraViolet is an industry leading tech-enabled managed security services company.