Revolut confirms cyberattack exposed personal data of tens of thousands of users • TechCrunch


Fintech startup Revolut has confirmed it was hit with a highly targeted cyber attack that gave hackers access to the personal details of tens of thousands of customers.

Revolut spokesman Michael Bodansky told TechCrunch that “a small percentage (0.16%) of customer details were obtained within a short period of time by unauthorized third parties.” Revolut discovered the malicious access later on Sept. The attack was isolated the next morning.

“We immediately identified and quarantined the attack to effectively limit its impact and contacted affected customers,” Bodanski said. “Customers who did not receive the email were not affected.”

Revolut, which has a banking license in Lithuania, would not say exactly how many customers were affected. Its website says the company has about 20 million customers; 0.16% would translate to about 32,000 customers.However, according to Revolut’s Violation of disclosure Lithuanian authorities, the first to discover beeping computerthe company said 50,150 customers were affected by the breach, including 20,687 customers in the European Economic Area and 379 Lithuanian citizens.

Revolut also declined to say what type of data was accessed, but told TechCrunch that no funds were accessed or stolen in the incident.exist Message to Affected Customers The company posted on Reddit that “there was no access to card details, PINs, or passwords.” However, the breach disclosure noted that hackers may have accessed some credit card payment data, as well as customers’ names, addresses, email addresses, and phone numbers.

The disclosure states that threat actors used social engineering methods to gain access to the Revolut database, which often involves convincing employees to hand over sensitive information, such as their passwords. This has become a popular tactic in recent attacks against many well-known companies including Twilio, Mailchimp, and Okta.

But Revolut warns that the breach appears to be trigger phishing campaign and urge customers to be careful when they receive any communications about breaches. The startup advises customers that it will not call or text for login data or access codes.

As a precautionary measure, Revolut has also set up a dedicated team to monitor customer accounts to keep funds and data safe.

Bodansky added: “We take this type of incident very seriously and we sincerely apologize to any customers affected by this incident, as the safety of our customers and their data is Revolut’s top priority.”

Last year, Revolut raised $800 million in new funding, valuing the startup at more than $33 billion.





Source link

Leave a Reply

Your email address will not be published.