Hackers have stolen ₹7.8 crore from payment gateway firm Razorpay. According to PTI, along with hackers, fraudulent customers stole ₹7.38 crore by tweaking the authorisation process of Razorpay Software. Then, they authenticated 831 failed transactions, a police complaint by Razorpay revealed.
In a complaint lodged with the South East Cyber Crime Cell on May 16, Razorpay’s Head of Legal Disputes and Law Enforcement, Abhishek Abhinav Anand said that the company wasn’t able to reconcile receipt of ₹7.38 crore against 831 transactions.
What happened to Razorpay’s safety?
When Razorpay reached out to its “authorisation and authentication partner” Fiserv, Razorpay was informed that these transactions had failed authentication. Upon learning this from Fiserv, Razorpay initiated an internal investigation, discovering 831 transactions against 16 unique merchants of Razorpay – all between March 6 to May 13 this year. The complaint mentioned amount “to a tune of ₹7,38,36,192.”
Also read: Researchers Hacked iPhones That Are Turned Off Using Bluetooth Vulnerability
“These 831 transactions were marked as failed or unsuccessful by Fiserv, owing to authentication and authorization failure. However, it is found out that certain unknown hackers and fraudulent customers have tampered, altered and manipulated the ‘authorization and authentication process’,” Anand said in his complaint.
“Due to this, false altered communications as ‘approved’ were sent to Razorpay system against the 831 transactions, resulting in losses to a tune of ₹7,38,36,192 to Razorpay,” Anand added.
When Razorpay had received the hacked communications, it had sent confirmation to their merchants for fulfilment of the orders as well, according to Anand. In the complaint, Anand revealed the details of these fraudulent transactions along with the date, time, and the IP address of alleged hackers.
Also read: How Hackers Fooled Tech Giants Like Apple, Meta Into Giving Personal Data Of Minors
Meanwhile, a Razorpay spokesperson in a statement explained – “During a routine payment process, an unauthorized actor(s) with malicious intent used the browser to tamper with authorization data on a few merchant sites which were using an older version of Razorpay’s integration, due to gaps in their payment verification process.”
What do you think about this Razorpay fiasco? Let us know in the comments below. For more in the world of technology and science, keep reading Indiatimes.com.
P.T.I. (2022a, May 20). Hackers, fraudsters steal ₹7.38 crore from payment gateway firm Razorpay. Hindustan Times.