Security News > 2022 > September > Revolut data breach: 50,000+ users affected

Revolut, the fintech company behing the popular banking app of the same name, has suffered a data breach, which has been followed by phishing attacks aimed at taking advantage of the situation.

A few days later, some users received an alert via email saying their account was affected following a cyberattack.

The attackers did not manage to access fund, credit card details, PINs or passwords, Revolut noted, but they had access to affected users' personal data.

Since Revolut operates as a registered bank in Lithuania, Lithuania's State Data Protection Inspectorate revealed on Tuesday that Revolut Bank suffered a data breach, that access to the database was obtained via social engineering methods, and that the data of 50,150 customers worldwide has potentially been compromised.

Revolut users targeted by phishing via SMS. In its data breach notice to affected users, Revolut warned them to "Be especially vigilant for any suspicious activity, including suspicious emails, phone calls or messages," and said that it would not call or text them regarding this incident.

Users who follow the link are first faced with a security challenge asking them to confirm they are not a robot and then are asked to solve a visual CAPTCHA. Finally, they are taken through a set of well crafted pages asking them to log into Revolut by entering their phone number, passcode, full name, email address, date of birth, and the info related to the debit card attached to their account.

News URL

https://www.helpnetsecurity.com/2022/09/20/revolut-data-breach-phishing/