Razorpay was hacked for Rs 7.3 crore in 831 transactions over three months
On some merchant sites that used an older version of Razorpay's integration, fraudsters were utilising the browser to tamper with authorization data.
admin
Hackers stole Rs 7.3 crore in 831 transactions over three months, according to online payment provider Razorpay.
The scam was discovered during an examination of the company's transactions. "During a routine payment process, an unauthorised actor(s) with malicious intent used the browser to tamper with authorization data on a few merchant sites that were using an older version of Razorpay's integration, due to gaps in their payment verification process," according to a Razorpay spokesperson. This event had no impact on end-users, merchant data, or merchant payments."
According to claims in the media, the hacker used the gateway's authorisation process to authenticate 831 transactions. "Razorpay has taken proactive actions to permanently remediate the issue and prevent future occurrences." "The company has already recovered a portion of the money and is working with the appropriate authorities to complete the process," a company spokeswoman said.
Although data theft from banks and financial organisations is a well-known practise, the Razorpay event may be the first among payment gateway players.
Other well-known data breaches include the one at MobiKwik in 2021, which exposed the personal information of nearly 3 million customers. However, data breaches and system hacking to obtain client data such as KYC or passwords are fairly common. Hacking into financial organisations to steal money is still uncommon.
Since 2020, cybercrime and cyberattacks have increased at an exponential rate. According to the Ministry of Electronics and Information Technology, the amount of cybercrimes and frauds increased fivefold between 2018 and 2021.
The threat level in the financial sector has dramatically increased. In the first half of 2021, Trend Micro discovered 4,497 online banking malware in India.
"We are likely to witness the increase of attacks against financial systems and more advanced mobile threats," Kaspersky warned in its threat prediction for 2022.
