News

Flutterwave Loses $13.5 Million in Fresh Cyberattack

Flutterwave suffered another security breach that allowed unknown persons to illegally transfer between Ksh.926 million ($7 million) and Ksh.1.7 billion ($13.5 million)  directed to undisclosed bank accounts.

The incident was reported in April this year, according to anonymous financial services insiders, raising concerns about the integrity of its financial security measures.

This comes a month after a Nigerian Court directed Flutterwave to recover $24 million lost to unauthorized Point-of-Sale (POS) transactions on February 1, this year. The firm contacted over 6,000 account holders across 35 banks and financial institutions to recover money.

In a statement, Flutterwave acknowledged the incident saying, “As is common in the financial services industry, there will always be attempts by bad actors to compromise the security of systems set up to protect and monitor services.”

“In April, we detected unauthorized activities inconsistent with usual customer behavior on one of our platforms used by a small subset of our customer base.”

Also Read: CBK warns financial institutions over growing money fraud within self

Flutterwave did not specify the amount involved but insisted that “no customer funds were lost or compromised, and the confidentiality of our customers’ data remains intact.”

According to Flutterwave, April’s breach appears distinct.  “An organized network may have been involved in the distribution,” said a highly placed staff at a financial institution.

“The perpetrators appeared to transfer the money to random accounts but these same accounts would also transfer money to other accounts who then sent it back to the first beneficiary account.”

The fintech firm also verified contacting financial institutions to acquire Know Your Customer (KYC) details for the accounts suspected of participating in the unauthorized transfers.

These accounts have purportedly been flagged and temporarily restricted by the respective banks.

Moreover, the methods used by hackers to exploit vulnerabilities in its systems remain disclosed.

Monitor Your Business Transaction

Collins Ogutu

Nairobi based Digital Journalist, Corporate Communication Expert and Digital Marketer with a wealth of experience in multimedia. Accredited member of the Media Council of Kenya.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button