Revolut hack exposes data of 50,000 users, fuels new phishing wave

Gandalf_The_Grey

Level 78
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,770
Revolut has suffered a cyberattack that gave an unauthorized third party access to personal information of tens of thousands of clients.

The incident occurred a week ago, on Sunday night, and has been described as "highly targeted." Founded in 2015, Revolut is a financial technology company that has seen a rapid growth, now offering banking, money management, and investment services to customers all over the world. In a statement for BleepingComputer, a company spokesperson said that an unauthorized party had access "for a short period of time" to details of only a 0.16% of its customers.

"We immediately identified and isolated the attack to effectively limit its impact and have contacted those customers affected. Customers who have not received an email have not been impacted" - Revolut
According to the breach disclosure to the State Data Protection Inspectorate in Lithuania, where Revolut has a banking license, 50,150 customers have been impacted. Based on the information from Revolut, the agency said that the number of affected customers in the European Economic Area is 20,687, and just 379 Lithuanian citizens are potentially impacted by this incident. Details on how the threat actor gained access to the database have not been disclosed but it appears that the attacker relied on social engineering. The Lithuanian data protection agency notes that the likely exposed information includes:
  • Email addresses
  • Full names
  • Postal addresses
  • Phone numbers
  • Limited payment card data
  • Account data
However, in a message to an affected customer, Revolut says that the type of compromised personal data varies for different customers. Card details, PINs, or passwords were not accessed.

Revolut emphasizes that the intruder did not gain access to users' funds.

"Our customers’ money is safe - as it has always been. All customers can continue to use their cards and accounts as normal," the company spokesperson told BleepingComputer. The company reacted quickly to the intrusion and significantly limited the risk to its customers, isolating the attack by early Monday (2 A.M.).

As a precaution, Revolut formed a dedicated team tasked with monitoring customer accounts, to make sure that both money and data are safe.

Users should be "extremely wary" of any messages requesting personal details or passwords. Revolut will not call customers about the incident and will never ask for sensitive information.
 

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,458
As a precaution, Revolut formed a dedicated team tasked with monitoring customer accounts, to make sure that both money and data are safe.
200.gif
 

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,458
There's another twist I just saw that I wouldn't be surprised at all if it helped this latest hack.
Primarily, we advocate for direct, face-to-face communication. However, with a global workforce, that may not always be feasible, and there will be situations where we must record information for future use. That’s why we use Slack, Atlassian Confluence, and JIRA to support our internal communication.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top