It was Revolut’s turn. Another day, another data breach in the crypto world. About a week ago, someone inside the company’s headquarters fell for a scam. According to Revolut, the social hackers only had access to the data “for a short period of time”. And the breach only affected 0.16% of its customers. Not too bad, right? Well, apparently the attackers obtained data of 50,000 people and are already trying to scam them. Also, they may have gained control of Revolut’s website.
But let’s start at the beginning. The company’s banking license is registered in Lithuania, so Revolut reported the incident in the center of that country. State Data Protection Inspectorate. They are the ones who revealed that the attack was through social engineering. Revolut did not admit it. Lithuania’s data protection agency also provided a fact-filled summary of the case containing most of the facts:
“According to the reviewed information provided, the data of 50,150 customers worldwide (including 20,687 in the European Economic Area), such as names, addresses, e-mails, may have been affected during the incident. postal addresses, telephone numbers, part of the payment card data (according to the information provided by the company, the card numbers were masked), account data, etc.”
And, to cover all the bases, here is the definition of “social engineering” according to you on Investopedia:
“Social engineering is the act of exploiting human weaknesses to gain access to personal information and protected systems. Social engineering is based on manipulating people rather than hacking computer systems to penetrate a target’s account” .
What does Revolut support?
The company described the incident as a “highly targeted cyber attack” in which an “unauthorized third party” gained access to a small percentage of users’ personal data. In a shared statement with Bleeping ComputerRevolut continued:
“We immediately identified and isolated the attack to effectively limit its impact and contacted affected customers. Customers who did not receive an email were not affected.
To be clear, no funds were accessed or stolen. Our customers’ money is safe, as it always has been. All customers can continue to use their cards and accounts as normal.”
Not too bad, right? Well, at least one customer who didn’t receive an email is reporting being contacted by scammers. “I haven’t received an email from you, I’m still getting a scam text message claiming to be from Revolut. How did they get my number and know I have a Revolut account? JT tweeted a couple of days ago Got a generic “Hi! Can you contact our support team via in-app chat about this?” as a response.
The company’s official statement ends with promises:
“We take incidents like these incredibly seriously and would like to sincerely apologize to all customers who have been affected by this incident, as the security of our customers and their data is our highest priority at Revolut.”
Is there more to the story though?
ETH price chart for 09/23/2022 on FTX | Source: ETH/USD on TradingView.com
According to Bleeping Computer, there might have been more mischief. Apparently, Revolut users reported that the support chat was shows vulgar language near the time of the social engineering incident. The post clarifies:
“While it is unclear whether this disruption is related to the breach disclosed by Revolut, it shows that the hackers may have gained access to a wider range of systems used by the company.”
Did the hackers gain access to more data than allowed? Or was it a separate incident and all of this just a coincidence? Can we believe the reports? A couple of pictures prove nothing, and there are no dates. Why would hackers deface the website if they were looking for money? On the other hand, maybe so. And those messages could mean they had more access than Revolut admitted.
Featured Image by Kris from Pixabay | Charts by TradingView