Revolut security breach: data of +50,000 users exposed

Revolut has suffered a cyberattack, threat actors have had access to personal information of tens of thousands of customers.

The financial technology company Revolut suffered a ‘highly targeted’ cyberattack over the weekend, threat actors had access to the personal information of 0.16% of its customers (approximately 50,000 users).

The company states that it has already contacted the impacted customers

“We have contacted the impacted individuals by email with further information regarding the types of data that may have been exposed. […] We take incidents such as these incredibly seriously, and we would like to sincerely apologise to any customers who have been affected by this incident as the safety of our customers and their data is our top priority at Revolut.” reads the statement issued by Revolut. “We immediately identified and isolated the attack to drastically limit its impact and have contacted those customers affected. Customers who have not received an email have not been impacted.”

The Lithuanian State Data Protection Inspectorate has started an investigation into the security breach, according to preliminary data, threat actors had access to the Revolut database through the use of social engineering techniques.

Upon discovering the intrusion, the security team promptly locked out the threat.

The authority confirmed that the data of 50,150 customers around the world (including 20,687 in the European Economic Area) were compromised. Exposed data include names, addresses, emails, postal addresses, telephone numbers, part of the payment card data (according to the information provided by the company, the card numbers were masked), account data, etc. The attackers did not access the users’ funds.

Revolut points out that it will not call or send SMS messages to its users or ask for login data or access codes due to the security breach, and warns users to be vigilant about phishing attacks.

BleepingComputer first reported that some Revolut customers claim that around the time of the incident the support chat was defaced by displaying inappropriate language to visitors.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.