Hacker Steals INR 7.3 Cr From Razorpay By Tampering Authorisation Process

Hacker Steals INR 7.3 Cr From Razorpay By Tampering Authorisation Process

SUMMARY

Razorpay’s head of legal disputes and law enforcement, Abhishek Abhinav Anand filed a complaint on May 16 and provided the details of the 831 failed transactions

The company claims to have already recovered part of the amount and is working with the relevant authorities for the rest of the process

The event occurred on certain merchant sites that were using an older version of the Razorpay integration, but no merchant funds were affected by this incident

Bengaluru-based fintech giant Razorpay has filed a complaint with the South East cybercrime police against theft of INR 7.3 Cr. The cybercrime police is trying to track down the hacker who stole INR 7.3 Cr over a period of three months.

The company claims that while auditing the transactions of the platform, the officials at Razorpay found that they were unable to reconcile the receipts of INR 7,38,36,192 against 831 transactions.

Razorpay’s head of legal disputes and law enforcement, Abhishek Abhinav Anand filed a complaint on May 16 and provided the details of the 831 failed transactions – including the date, time and IP address, among other relevant information to the police.

The theft is a result of someone tampering with the company’s authorisation and authentication process. The hacker(s) had created false approvals that were sent to Razorpay against the 831 failed transactions, resulting in a loss amounting to INR 7.38 Cr.

According to a Razorpay spokesperson, “During a routine payment process, an unauthorized actor(s) with malicious intent used the browser to tamper with authorisation data on a few merchant sites which were using an older version of Razorpay’s integration, due to gaps in their payment verification process. No end-consumer and no merchant data or merchant funds were affected by this incident.”

The company claims to have taken steps to mitigate the issue permanently and eliminate future occurrences. It also claims to have already recovered part of the amount and is working with the relevant authorities for the rest of the process.

The eight-year-old fintech unicorn claims to enable digital payments for 200K+ businesses including Airtel, IRCTC, NSE, Swiggy, etc. With large scale enterprises trusting the network and its payment authorisation technique, the possibility of ‘false’ authorisation puts a dent in the company’s security system.

India’s Rising Cyber Crime & Govt’s Way Of Tackling It

Over the past couple of years, Indian corporates similar to Razorpay have seen an increasing number of cyberattacks targeting their key infrastructure. For instance, in 2022 alone, hackers stole the personal data of 4.5 Mn Air India passengers, Indian petroleum refineries network faced over 90K cybercrime incidents, and multiple fake ‘gift card’ WhatsApp messages.

In the first two months of 2022, 2.2 Lakh cybercrime incidents were reported, outlining the need for a robust cybersecurity regulatory body. In fact, celebrities Rajkumar Rao and Sunny Leone were also subjected to PAN Card fraud when their details were used to take small defaulted loans, affecting their CIBIL Scores.

Fintech startups, though, have been at the centre of hackers’ attention. Besides Razorpay, MobiKwik and Juspay were also involved in data leak/breach incidents impacting over 21 Cr users.

Thus, last month, India’s cybersecurity agency Indian Computer Emergency Response (CERT-In) issued new directions to overlook response activities and emergency measures in case of cybercrime incidents.

Under the new guidelines, the Centre has made it compulsory for all companies to report all cybercrimes within six hours of noticing such incidents and keep the security log for 180 days within India.

You have reached your limit of free stories
Become An Inc42 Plus Member

Become a Startup Insider in 2024 with Inc42 Plus. Join our exclusive community of 10,000+ founders, investors & operators and stay ahead in India’s startup & business economy.

2 YEAR PLAN
₹19999
₹7999
₹333/Month
Unlock 60% OFF
Cancel Anytime
1 YEAR PLAN
₹9999
₹4999
₹416/Month
Unlock 50% OFF
Cancel Anytime
Already A Member?
Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

Hacker Steals INR 7.3 Cr From Razorpay By Tampering Authorisation Process-Inc42 Media
How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

Hacker Steals INR 7.3 Cr From Razorpay By Tampering Authorisation Process-Inc42 Media
Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

Hacker Steals INR 7.3 Cr From Razorpay By Tampering Authorisation Process-Inc42 Media
Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

Hacker Steals INR 7.3 Cr From Razorpay By Tampering Authorisation Process-Inc42 Media
Hacker Steals INR 7.3 Cr From Razorpay By Tampering Authorisation Process-Inc42 Media
You’re in Good company