Fin-tech giant Revolut has suffered a serious breach, with unknown hackers compromising more than 50,000 customer accounts.
The breach occurred on Sunday, Sept. 11, with Revolut moving quickly to mitigate the impact. While the attack was stifled by the following day, hackers had already managed to compromise 50,150 accounts, or 0.16% of the current install base.
A scary notice
Affected customers took to the web to share the unsettling letter sent to them by the company, with Revolut saying the attack was highly targeted and that those receiving the notice are now at “increased risk of fraud.”
“We recently received a highly targeted cyber attack from an unauthorized third party that may have gained access to some of your information for a short period of time,” the company tells those impacted by the breach. “You do not need to take any action, however we wanted to let you know, and sincerely apologize for this incident.”
All signs point to a phishing attack targeting Revolut employees to obtain access to the company’s infrastructure.
Hackers steal phone numbers, addresses, full names
Revolut’s letter to affected clients says “we want to reassure you that your data is now safe. But according to the State Data Protection Inspectorate in Lithuania, where Revolut is licensed to operate as a bank, hackers likely got their hands on email addresses, full names, postal addresses, phone numbers, limited payment card data, and various types of data related to the users’ accounts, meaning those affected are indeed at increased risk of fraud and phishing attacks.
“We emphasize that no access was made to the theft of funds,” Revolut adds. “Your money is safe, as always. You can use your card and account normally.”
Revolut recommends that, while users’ money should be safe, they should be “especially vigilant for any suspicious activity, including suspicious emails, phone calls or messages.”
“This was an isolated incident and the security of our customers’ accounts remains our top priority,” the letter states.
Watch out for ongoing phishing attacks, fraud
A smishing campaign is said to be underway targeting Revolut customers, likely in an effort to capitalize on the scare.
And according to this Reddit thread, the hack ‘coincided’ with an inside job where a rogue employee tampered with the company’s customer support chat. It wouldn’t be out of the question for the two incidents to be, in fact, correlated.
The fin-tech giant apologetically tells impacted clients that it won’t be able to answer all of their questions as investigations are still ongoing, only promising to “be in touch shortly with further information if needed.”
Revolut maintains that no card details, PINs or passwords were accessed as a result of this incident.