Unfortunately, in the crypto world, it often happens that centralized parties are not able to sufficiently protect the personal data of users. This time it hits the popular neobank Revolut. In the case of Revolut, hackers managed to steal the data of 50,000 people, whom they are now trying to defraud.
Start at the beginning
To understand the whole story we have to start at the beginning. Revolut’s banking license is registered in Lithuania, so the neobank initially had to notify the authorities there. They immediately released that Revolut is the victim of a ‘social hack’, something the neobank did not want to admit before.
In a social hack, the hackers capitalize on the weaknesses of people in the organization to gain access to data. So this is about manipulating individuals and not so much about an actual hacking of the system. Unfortunately, that is something that many companies cannot protect themselves against, except of course by properly informing the staff.
What you often see is that in these cases staff receive an email ‘from the board’ with the subject of something along the lines of ‘wage increases 2022-2023’, a subject that is just too interesting not to click on. Faulty software then enters the system when employees open the mail.
What does Revolut admit?
The neobank describes the incident as a “targeted cyber attack,” in which an unauthorized third party gained access to a small percentage of Revolut users’ personal data. Admittedly, this concerns 0.16 percent of the customers, but that still concerns more than 50,000 people worldwide. “We were able to quickly identify and isolate the attack to mitigate the effects,” he said writes revolution.
That would be a fantastic response, were it not for the fact that a customer who was not aware of the hack was also approached by the hackers. “I did not receive an email from you, but I did receive a scam SMS in which the sender claims to be from Revolut. How did they get my number and how do they know I have a Revolut account?” So asks JT is off on Twitter.