Hackers Grab $130M Using Brazil’s Real-Time Payment System www.databreachtoday.com/hackers-g…

Attackers stole $130 million from Brazil’s real-time payment system on Friday by wielding valid credentials for an IT service provider.

The unauthorized transfer of funds, some of which have been recovered, involved unauthorized access to an IT environment operated by financial technology provider Sinqia, a Brazilian subsidiary of publicly traded Evertec. Based in Sao Paulo, Brazil, Sinqia provides a platform used by 24 banks to connect to the Brazilian Central Bank’s real-time payment system, called Pix.

Preliminary results from an ongoing digital forensic investigation into the attack “indicate that the unauthorized transactions were introduced into Sinqia’s Pix environment by exploiting legitimate Sinqia IT vendors' credentials,” Evertec disclosed to investors.