Revolut hacked, data of over 50,000 customers stolen


Next to Uber, it is time to add another giant, this time from the financial market, to the list of victims of September break-ins. A week ago, there was a major security incident in Revolution. The burglar supposedly did not steal the funds, but got into the clients’ data.

According to The Times, the hack into Revolut took place on Sunday, September 11, and the attacker gained access to the company’s systems through effective phishing on one of the employees. So far, the network lacks many details of the attack, but we have been able to track some traces and put them together to piece together a picture of the situation.

Lithuanian UODO notifies

Revolut operates as a bank registered in Lithuania, so it is with VDAI (lit. Valstybinė duomenų apsaugos inspekcija), the local equivalent of the Polish UODO, we started looking for traces of the incident. We found yesterday’s article confirming his occurrence. We learned from a VDAI announcement that the attack was triggered by social engineering techniques. The incident could concern the data of 50,150 customers, of whom 20,687 are users from the territory of the European Union (including 379 people from Lithuania). The data concerned by the incident are names, surnames, postal addresses, e-mail addresses, telephone numbers, account details and some payment card details (not further specified).

Revolut warns customers

The VDAI announcement also indicated that the victims of the incident had received messages from Revolut. We were able to locate the text of this message from Thursday. It contains nothing specific except confirmation of the incident and information that clients’ funds are safe. According to messages from Revolut, data such as payment card details, PINs or passwords did not end up in the hands of criminals. Revolut also reports that the incident affected 0.16% of customers (which, combined with the VDAI announcement, suggests that Revolut currently has around 31 million customers).

Other weird traces on the web

While looking for other weird Revolut cases last week, we came across this unusual incident that was reported on September 11 in the evening, therefore, when the hack was supposed to have occurred. Someone noticed that when they started chat with Revolut support in the app, the first message was quite vulgar.

Initially, in responses to customers, Revolut did not explain the reason for this phenomenon:

Vulgar replies also appeared in customer chats:

Another LAPSUS $ incident in the background?

The events described above give a strange impression of an incident quite similar to the recently described break-in into Uber or earlier break-ins at Microsoft, Nvidia, Samsung or Octa. Are the same people behind it? We’ll probably find out soon – the perpetrators of previous burglaries were identified quite quickly.


I am a Revolut customer, what should I do?

If you haven’t received an email from Revolut, it means your data has clearly not been leaked, so you can sleep well for now. If it came, follow Revolut’s recommendations – be vigilant in case someone contacts you regarding your account.

PS. We do not have an episode about Revolution, but we have two about electronic banking security – until Monday you can order a free episode of our Security Awareness video training without any obligations.

Update 22:00

Below is the official position of Revolut in Polish:

Revolut recently experienced a highly targeted cyber attack. As a result, an unauthorized third party was able to access the data of a small percentage (0.16%) of our customers for a short time.

We quickly identified and isolated the attack to dramatically reduce its reach, and contacted the affected customers.It should be made clear that no funds were stolen or accessed. Our clients’ funds were and are safe. All customers can use their cards and accounts as normal.
We take this type of incident extremely seriously. We apologize the most to the customers whom he has touched. The security of customer data remains a top priority at Revolut.

The article is in Polish

Tags: Revolut hacked data customers stolen


PREV Good news for drivers. How much will you have to pay for a liter of gasoline?
NEXT Ethereum with the worst week since June. Selling the facts of The Merge of the ETH network?