Hackers steal $1 million USD from Razorpay

Media outlets in India report that an unidentified hacker managed to steal around $1 million from Razorpay, a payment processing company. Apparently, the attacker remained hidden in the company’s systems for three months, manipulating security mechanisms to authenticate over 800 illegitimate transactions.

Razorpay Software Private Limited provides online payment services that allow businesses in India to collect payments via credit card, debit card, net banking, and even cryptocurrency wallets.

The malicious activity was detected when a team at Razorpay Software Private Limited was auditing the transactions. Company employees were unable to reconcile transaction files with funds in enterprise accounts.

Abhishek Abhinav Anand, in charge of legal disputes and legislative compliance at Razorpay, filed a complaint with the southeast Indian cybercrime unit earlier this week.

Authorities are trying to identify the hacker or hacker group responsible for the attack, based on recorded online transactions. Meanwhile, Razorpay also ordered an internal investigation, revealing that the attacker compromised and manipulated the transaction authorization process to complete the attack; as a result, threat actor approved a total of 831 failed transactions, which mean losses around $1 million.

Razorpay shared with law enforcement detailed information about these 831 illegitimate transactions, including date, time and IP address.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.