Neo bank Revolut has launched a new service called Revolut Pro to help freelancers, sole traders, contractors, and self-employed individuals manage their business income and expense management. Unfortunately, the announcement comes at a time when the company has reported a cyberattack affecting up to 50,000 of its customers. Here’s how and where the incident most likely happened and what to avoid if you are a Revolut customer. Plus a review on that new product for freelancers.
The Freelance Informer first got wind of the breach through Twitter chatter in the fintech space, but the company has since confirmed it was targeted by a cyberattack that allowed hackers to access the personal details of tens of thousands of customers.
Revolut spokesperson Michael Bodansky told TechCrunch that an “unauthorised third party obtained access to the details of a small percentage (0.16%) of our customers for a short period of time.”
Revolut discovered the malicious access late on September 11 and isolated the attack by the following morning.
“We immediately identified and isolated the attack to effectively limit its impact and have contacted those customers affected,” Bodansky said. “Customers who have not received an email have not been impacted.”
The attack occurred in Lithuania, where Revolut has a banking license. Given that the breach impacted customers worldwide, reports are estimating that the small percentage of customers affected equates to about 32,000.
However, Revolut’s breach disclosure to the authorities in Lithuania, first spotted by Bleeping Computer, reported that the company says 50,150 customers were impacted by the breach, including 20,687 customers in the European Economic Area and 379 Lithuanian citizens.
The breach disclosure states that hackers likely accessed partial card payment data, along with customers’ names, addresses, email addresses and phone numbers.
How did the Revolut hack happen?
The disclosure states that the threat actor used social engineering methods to gain access to the Revolut database, which typically involves persuading an employee to hand over sensitive information such as their password, it was reported.
Warning for all Revolut customers
Revolut has warned customers of phishing emails, and urged customers to be careful when receiving any communication regarding the breach. The e-bank advised customers that it will not call or send SMS messages asking for login data or access codes.
As a precaution, Revolut has also formed a dedicated team tasked with monitoring customer accounts to make sure that both money and data are safe.