Last month, Flutterwave, Africa’s largest startup by private valuation, was involved in a hack that resulted in more than ₦2.9 billion (~$4.2 million) missing from its accounts, according to the local technical publication Tech point Africa.
According to the documents seen by the publication and reviewed by ukbusinessupdates.com, unknown actors transferred the money across 28 accounts in 63 transactions in early February. Police investigations are ongoing as Flutterwave, through legal counsel and law enforcement parties, has filed a motion seeking to freeze bills about 27 financial institutions interacting with the missing funds, Techpoint Africa reported.
Several tweets also appeared this weekend about the alleged hack. Some information provided about the hack, while others complained about blocked accounts that may be related to the hack. According to Techpoint Africa, the motion has been filed that 107 accounts, including the fifth beneficiaries of those accounts, be placed under lien/Post-No-Debit (PND). This directive prohibits bank customers from withdrawing money from their account.
The cause and method of the attack remain unclear. However, one of the postulations of online commentary is that the hack may have been socially designed, meaning merchants’ keys have been compromised, allowing the hackers to access the funds in their Flutterwave accounts.
Meanwhile Flutterwave, via a rack on the matter, has denied that it was hacked. S
At Flutterwave, we understand that our customers’ personal and financial information is of the utmost importance. We take this responsibility seriously and understand that any potential security breach can cause fear and concern for our customers. We want to assure you that Flutterwave has not been hacked. As a financial institution, we monitor transactions through our transaction monitoring systems and our 24-hour fraud desk and review suspicious activity. We work with other financial institutions and law enforcement agencies to keep our ecosystem safe.
During a routine check of our transaction monitoring system, we noticed an unusual trend of transactions on some users’ profiles. Our team immediately launched an assessment (in line with our standard procedure) which found that some users who had not activated some of our recommended security settings may be susceptible.
We want to confirm that no user has lost money and we are proud that our security measures were able to resolve the issue before our users could be harmed.
Our commitment to keeping our users’ financial information safe is why we invest heavily in security initiatives such as periodic audits, certifications and licensing such as the PCI-DSS & ISO 27001. These are in line with global security best practices information security management.
We want you to continue to trust us and feel safe using Flutterwave for your business needs. Our commitment is to enable your business to grow while keeping your financial information safe.
This is an evolving story…