It was Revolut’s turn. Another day, another data breach in the crypto world. About a week ago, someone inside the corporate headquarters fell for a scam. According to Revolut, the social hackers only had access to the data “for a short time”. And the breach only affected 0.16% of their customers. Not too bad, right? Well, apparently the attackers got the data of 50,000 people and are already trying to scam them. Also, they may have taken over the Revolut website.
But let’s start at the beginning. The company’s banking license is registered in Lithuania, so Revolut reported the incident to the authorities there. National Data Protection Inspectorate. They are the ones who revealed that the attack was through social engineering. Revolut did not admit it. The Lithuanian Data Protection Agency also offered a full summary of the case which contains most of the facts:
“According to the revised information provided, the data of 50,150 customers worldwide (including 20,687 in the European Economic Area), such as names, addresses, e-mails, may have been affected during the incident. postal, telephone numbers, part of the payment card data (according to the information provided by the company, the card numbers were masked), account data, etc.
And, to cover all the bases, here’s the definition of “social engineering” according to at Investopedia:
“Social engineering is the exploitation of human weaknesses to gain access to personal information and protected systems. Social engineering relies on manipulating individuals rather than hacking into computer systems to break into a target’s account.
What does Revolut support?
The company described the incident as a “highly targeted cyberattack” in which an “unauthorized third party” gained access to a small percentage of users’ personal data. In a shared statement with Bleeping ComputerRevolut continued:
“We immediately identified and isolated the attack to effectively limit its impact and contacted the affected customers. Customers who did not receive an email are not impacted.
To be clear, no funds were accessed or stolen. Our customers’ money is safe, as it always has been. All customers can continue to use their cards and accounts normally. »
Not too bad, right? Well, at least one customer who didn’t receive an email reports being contacted by the scammers. “I haven’t received an email from you yet. I’m getting a scam text saying it’s from Revolut. How did they get my number and know I had a Revolut account?” JT tweeted a few days ago. He received a generic “Hi! Could you please contact our support team via the integrated chat about this? as an answer.
The company’s official statement ends with promises:
“We take incidents like these extremely seriously, and would like to sincerely apologize to all customers who have been impacted by this incident, as the security of our customers and their data is our top priority at Revolut.
Is there more to the story, though?
ETH price chart for 09/23/2022 on FTX | Source: ETH/USD on TradingView.com
There might have been more shenanigans, according to Bleeping Computer. Apparently Revolut users reported that the support chat was display foul language near the time of the social engineering incident. The publication states:
“While it’s unclear whether this degradation is related to the breach disclosed by Revolut, it does show that hackers may have had access to a wider range of systems used by the company.”
Have the hackers had access to more than the admitted data? Or was it a separate incident and it was all just a coincidence? Can we believe the reports? A few pictures don’t prove anything, and there are no dates on them. Why would hackers deface the website if they were looking for money? On the other hand, maybe they did. And those messages could mean they got more access than Revolut admitted.
Featured Image by Kris from Pixabay | Charts by TradingView