Details On How Revolut's Payment System Got Hacked

Uploaded on 2023-07-19 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial, TECHNOLOGY--Hackers

In September 2022, the online bank Revolut was hit by a data breach where a third party gained unauthorised access to the company's database, compromising the personal information of thousands of users. According to the breach disclosure made to the State Data Protection Inspectorate in Lithuania, where Revolut holds a banking licence, a total of 50,150 customers worldwide were affected by the breach.

The issue was initially identified in late 2021, but before it could be resolved, cyber criminals exploited the vulnerability, resulting in the theft of approximately $23 million from the company's money.

Hackers identified differences between European and US payment systems and the hackers have exploited an unknown flaw in Revolut's payment systems to steal millions of the company's funds. It now emerges that the attack stemmed from problems connecting Revolut's US and European systems, causing some funds to be wrongly refunded using its own money when some transactions were declined.

The differences between Revolut's American and European systems meant that certain transactions were being rejected and then mistakenly refunded. This problem was discovered in late 2021, but before it could be closed  organized criminal groups leveraged the loophole by "encouraging individuals to try to make expensive purchases that would go on to be declined." The refunded amounts would then be withdrawn from ATMs.

Some of the money has been recovered by pursuing those who had withdrawn cash, but the mass fraud scheme is understood to have resulted in a net loss of about $20 million.

The disclosure comes after Interpol said the arrest of a suspected senior member of a French-speaking hacking crew known as OPERA1ER, which has been linked to attacks aimed at financial institutions and mobile banking services with malware, phishing campaigns, and large-scale Business Email Compromise (BEC) scams.

“Over the last four years, a highly-organised criminal organisation has targeted financial institutions and mobile banking services with malware, phishing campaigns and large-scale Business Email Compromise (BEC) scams,” says Interpol.

In an email sent to the affected customers, Revolut reassurreassured them that the hackers did not gain access to any card data, PINs or passwords. However, the company acknowledged that the attackers may have obtained customer information such as names, addresses, email addresses, dates of birth and phone numbers.

Interpol:     FT:     Computing:    Finance Magnates:    Hacker News:   KNews

You Might Also Read: 

Digital Banking & Cyber Crime:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

 

Cyber Security Intelligence: Captured Organised & Accessible

 

« The Most Used Malware In H1 2023
RomCom Hackers Target NATO Summit »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

NetMotion Software

NetMotion Software

NetMotion Software specializes in mobile performance management solutions to manage, secure and support the mobile enterprise.

D3 Security

D3 Security

D3's Smart SOAR platform is at the forefront of the security automation revolution, helping clients around the world to rapidly identify, analyze, and resolve advanced threats.

Arcanum Information Security (AIS)

Arcanum Information Security (AIS)

Arcanum Information Security is a specialist Information Assurance Consultancy and a leading provider of Cyber Security services to UK Defence, UK Government, Enterprise businesses and SMEs.

Xage Security

Xage Security

Xage is the world’s first blockchain-protected security platform for Industrial IoT.

Cyber Security Austria (CSA)

Cyber Security Austria (CSA)

Cyber Security Austria (CSA) is an independent non-profit association with the aim to address security issues in the area of IT/cyber security of critical/strategic infrastructures in Austria.

NITA Uganda (NITA-U)

NITA Uganda (NITA-U)

NITA-U has put in place the Information security framework to provide Uganda with the necessary process, policies, standards and guideline to help in Information Assurance.

Featurespace

Featurespace

Featurespace is a world-leader in Adaptive Behavioural Analytics and creator of the ARIC™ platform for fraud and risk management.

Nucleon

Nucleon

Nucleon enables cybersecurity tools, organizations and software developers to become proactive by blocking threats before they become breaches.

iQuila

iQuila

iQuila is a virtual overlay network which runs on top of an existing network. It creates a secure software enabled layer 2 connection across the internet or any public or private cloud.

Joint Accreditation System of Australia and New Zealand (JASANZ)

Joint Accreditation System of Australia and New Zealand (JASANZ)

JASANZ is the joint national accreditation body for Australia and New Zealand. The directory of members provides details of organisations offering certification services for ISO 27001.

RFA

RFA

RFA is a unique IT, financial cloud and managed cyber-security provider to the financial services and alternative investment sectors.

Argo Group

Argo Group

Argo is an international underwriter of specialty insurance. Argo Cyber offers a full spectrum of coverage solutions related to professional and technology services.

Onfido

Onfido

Onfido is building the new identity standard for the internet. We digitally prove people’s real identities using a photo ID and facial biometrics.

NeuVector

NeuVector

NeuVector, the leader in Full Lifecycle Container Security, delivers uncompromising end-to-end security from DevOps vulnerability protection to complete protection in production.

Zenity

Zenity

Zenity is the first and only security governance platform for low-code/no-code applications.

Proximus Ada

Proximus Ada

Proximus Ada is the first Belgian center of excellence combining artificial intelligence and cybersecurity.