Fintech startup Revolut has confirmed it was hit by a highly targeted cyber attack that allowed hackers to access the personal information of tens of thousands of customers.
“An unauthorized third party accessed the short-term details of a small percentage (0.16%) of our customers,” Revolut spokesperson Michael Bodansky told TechCrunch. Revolut discovered malicious access late on September 10 and identified the attack the following morning.
“We immediately identified the attack and managed to effectively limit the impact and contact the affected customers,” Bodansky said. “Customers who did not receive the email were not affected.”
Revolut, which has a banking license in Lithuania, would not say exactly how many customers were affected. According to its website, the company has approximately 20 million customers; 0.16% translates to 32,000 customers. However, according to authorities in Lithuania, the Revolut breach, which was first spotted by Bleeping Computer, has affected 50,150 customers, including 20,687 customers in the European Economic Area and 379 Lithuanian nationals.
Revolut also declined to say what information was accessed, but told TechCrunch that no money was accessed or stolen in the incident. “No card details, PINs or passwords were found,” the firm said in a Reddit message to affected customers. However, the breach disclosure states that hackers were able to access partial card payment data, including customers’ names, addresses, email addresses and phone numbers.
The official statement says that the threat actor used social engineering techniques to gain access to Revolut’s database, which typically involves persuading an employee to hand over sensitive information such as their password. This has recently become a popular tactic in attacks against many well-known companies, including Twilio, Mailchimp, and Okta.
But Revolut warned that the breach appears to have triggered a phishing campaign, and customers are urged to exercise caution when receiving any communications regarding the breach. The startup advises that it will not call or send SMS messages to its customers with login data or access codes.
As a precaution, Revolut has established a team tasked with monitoring customer accounts to ensure that both funds and data are safe.
Bodansky added, “We take matters like this incredibly seriously, and we sincerely apologize to our customers who were affected by this incident. The safety of our customers and their information is our top priority at Revolut.”
Last year, Revolut raised $800 million in new capital, valuing the startup at more than $33 billion.