Mumbai, May 20: Online payment gateway Razorpay said that hackers stole Rs 7.3 crore worth of funds over a period of three months and 831 transactions, Business Standard reported.
The fraud came to the notice of the company during an audit it carried for its transaction.
Razorpay spokesperson in a statement said: “During a routine payment process, an unauthorised actor(s) with malicious intent used the browser to tamper with authorisation data on a few merchant sites which were using an older version of Razorpay’s integration, due to gaps in their payment verification process. No end-consumer and no merchant data or merchant funds were affected by this incident.”
According to media reports the hacker manipulated the authorization process of the gateway to authenticate 831 transactions. “Razorpay has proactively taken steps to mitigate the issue permanently and eliminate future occurrences. The company has already recovered part of the amount and is proactively working with the relevant authorities for the rest of the process,” said the company spokesperson of Razorpay.
Hackers attacking banks and financial institutions for data breach and data theft is a well known trend, but the Razorpay incident could be the first among the payment gateway players.
The only other hacking incident where money got stolen from a bank was in 2016 when the Union Bank of India lost $171 million to hackers. The hackers had made use of the SWIFT to swindle money.
Some of the other well-known breaches include Mobikwik’s in 2021, when data of over 3 million users was hacked into. But data breach or hacking into systems to get customer data like KYC or passwords are very common. Hacking to steal money directly from financial institutions is still very rare.
Cybercrime and cyber attacks has gone up exponentially since 2020. According to the Ministry of Electronics and Information Technology (Meity) between 2018 and 2021 there has been five fold jump in the number of cybercrime and fraud incidents.