Details On How Revolut's Payment System Got Hacked

In September 2022, the online bank Revolut was hit by a data breach where a third party gained unauthorised access to the company's database, compromising the personal information of thousands of users. According to the breach disclosure made to the State Data Protection Inspectorate in Lithuania, where Revolut holds a banking licence, a total of 50,150 customers worldwide were affected by the breach.

The issue was initially identified in late 2021, but before it could be resolved, cyber criminals exploited the vulnerability, resulting in the theft of approximately $23 million from the company's money.

Hackers identified differences between European and US payment systems and the hackers have exploited an unknown flaw in Revolut's payment systems to steal millions of the company's funds. It now emerges that the attack stemmed from problems connecting Revolut's US and European systems, causing some funds to be wrongly refunded using its own money when some transactions were declined.

The differences between Revolut's American and European systems meant that certain transactions were being rejected and then mistakenly refunded. This problem was discovered in late 2021, but before it could be closed  organized criminal groups leveraged the loophole by "encouraging individuals to try to make expensive purchases that would go on to be declined." The refunded amounts would then be withdrawn from ATMs.

Some of the money has been recovered by pursuing those who had withdrawn cash, but the mass fraud scheme is understood to have resulted in a net loss of about $20 million.

The disclosure comes after Interpol said the arrest of a suspected senior member of a French-speaking hacking crew known as OPERA1ER, which has been linked to attacks aimed at financial institutions and mobile banking services with malware, phishing campaigns, and large-scale Business Email Compromise (BEC) scams.

“Over the last four years, a highly-organised criminal organisation has targeted financial institutions and mobile banking services with malware, phishing campaigns and large-scale Business Email Compromise (BEC) scams,” says Interpol.

In an email sent to the affected customers, Revolut reassurreassured them that the hackers did not gain access to any card data, PINs or passwords. However, the company acknowledged that the attackers may have obtained customer information such as names, addresses, email addresses, dates of birth and phone numbers.

Interpol:     FT:     Computing:    Finance Magnates:    Hacker News:   KNews

You Might Also Read: 

Digital Banking & Cyber Crime:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

 


Cyber Security Intelligence: Captured Organised & Accessible


 

« The Most Used Malware In H1 2023
RomCom Hackers Target NATO Summit »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

DoD Cyber Crime Center (DC3) - USA

DoD Cyber Crime Center (DC3) - USA

DC3 is a US Department of Defense (DoD) center of excellence for Digital and Multimedia forensics.

Coalfire

Coalfire

Coalfire specialises in cyber risk management and compliance. Our services span the cybersecurity lifecycle from advisory and compliance, to testing and engineering, monitoring and optimization.

My Data Recovery Lab

My Data Recovery Lab

We recover data from: HDDs, RAIDs, NAS, SSDs, USB Flash Devices, Desktop Computers, Mobile devices and other data storage media.

Cortado Mobile Solutions

Cortado Mobile Solutions

Cortado Mobile Solutions creates enterprise mobility and file sharing solutions for companies, teams and freelancers.

Department of Justice - Office of Cybercrime (DOJ-OOC) - Philippines

Department of Justice - Office of Cybercrime (DOJ-OOC) - Philippines

The Office of Cybercrime within the Philippines Department of Justice is the Central Authority in all matters relating to international mutual assistance and extradition for cybercrime.

Secure-IC

Secure-IC

Secure-IC provide end-to-end, best-of-breed security expertise, solutions, and hardware & software technologies, for embedded systems and connected objects.

NuCrypt

NuCrypt

NuCrypt is developing technology that is applicable to ultrahigh security data encryption as well as key distribution.

1898 & Co

1898 & Co

Keep your critical assets secure with a comprehensive portfolio of services from high-level assessments to fully managed security services designed for operational technology applications.

O'Reilly Media

O'Reilly Media

O’Reilly’s help professionals learn best practices and discover emerging trends that will shape the future of the tech industry.

Bastion Networks

Bastion Networks

Bastion are a security-focussed managed solution provider and consultancy. We work with advanced cyber security vendors to produce managed security solutions to protect from online threats.

Certcube Labs

Certcube Labs

Certcube Labs provide a broad range of services in the areas of Assessments, Development, Risk Advisory, Blockchain, Forensics Investigations, Managed Security Solutions, and IT Security Trainings.

Orca Technology

Orca Technology

Orca is a UK-based Managed Service Provider delivering end-to-end managed IT services, support, hosted desktop, cloud solutions and strategic guidance.

Automotive Information Sharing & Analysis Center (Auto-ISAC)

Automotive Information Sharing & Analysis Center (Auto-ISAC)

Auto-ISAC provides a forum for companies to analyze and identify threats sooner and share solutions that enhance vehicle cybersecurity.

Rebellion Defense

Rebellion Defense

Rebellion Defense is a technology company developing advanced software to ensure mission-critical organizations stay ahead of emerging threats.

Toro Solutions

Toro Solutions

Toro provide managed security & consultancy to keep governments, businesses & society resilient in the space where cyber, physical & people security converge.

RIIG Technology

RIIG Technology

Our mission is to empower organizations with high-quality, verifiable data and advanced intelligence solutions, ensuring robust security and effective risk management.