Dave.com confirmed a security breach after threat actors leaked 75,16,625 user records on a hacking forum.
Dave.com confirmed a security breach after threat actors leaked 75,16,625 user records on a hacking forum.
Dave.com
Dave is a digital banking service, which lay stress on no overdraft fee and provides loans to individual’s accounts at their banks for overdraft protection.
Dave confirms that a security breach originated on the network of a former business partner Waydev, an analytics platform used by engineering teams.
Who was behind the data breach?
Cyble research team notified Dave on July 2 about the security breach and identified the known threat actor ’ShinyHunters’ who initially attempted to sell the database on an auction, by the alias ‘hasway’ at the hacking forum exploit.
On July 24, things changed as the threat actors put up the leaked user records for free.
ShinyHunters is the same person/group who also breached and sold data of companies including Mathway, Tokopedia, Unacademy and many more.
Image@ZDNet
What data are exposed?
The leaked data includes User ID, contact numbers, email addresses, full name, date of birth, residential address, Risepay ID, Synapsepay ID.
Unfortunately, the data also includes Social Security numbers and payment card details.
What are the actions taken by Dave.com?
Dave is notifying its customers about the security breach, and also forced a password reset in response to the incident.
“As soon as Dave became aware of this incident the company immediately initiated an investigation, which is ongoing, and is coordinating with law enforcement, including with FBI around claims by a malicious party that it has ‘cracked’ some of these passwords and us attempting to sell Dave customer data, ” said Dave.
The company has contracted security firm CrowdStrike to investigate the security breach.
Dave said that currently, it has no evidence to indicate that hackers used the data to gain entry to user accounts and execute any unauthorised actions.
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.
You may be interested in reading: “BlueLeaks” Exposes Data of 200 US police Departments and Exposed Online