Tech unicorn Dave admits to security breach impacting 7.5 million users

Digital banking app and tech unicorn Dave confirmed a security breach today after a hacker published the details of 7,516,625 users on a public forum.

In an email to ZDNet today, Dave said the security breach originated on the network of a former business partner, Waydev, an analytics platform used by engineering teams.

“As the result of a breach at Waydev, one of Dave’s former third party service providers, a malicious party recently gained unauthorized access to certain user data at Dave,” a spokesperson told ZDNet.

The company said it has already plugged the hacker’s point of entry and is in the process of notifying customers of the incident. Dave app passwords are also being reset after being exposed.

“As soon as Dave became aware of this incident, the company immediately initiated an investigation, which is ongoing, and is coordinating with law enforcement, including with the FBI around claims by a malicious party that it has ‘cracked’ some of these passwords and is attempting to sell Dave customer data,” Dave said.

The company also brought in cyber-security firm CrowdStrike to assist the investigation.

Dave user data published on hacker forum

ZDNet learned of the security breach early on Saturday morning, July 25. A reader tipped ZDNet off that a hacker was offering the Dave app’s user data on RAID, a hacking forum that has built a reputation for being the go-to place for hackers to leak databases.


The hacker has a reputation as well. Going by the name of ShinyHunters, this is the same person/group who also breached and leaked/sold data from many other companies, including Mathway, Tokopedia, Wishbone, and many more.

The Dave data is currently offered as a free download — after forum members unlock access to the download link using forum credits.

The data includes a wealth of information, such as real names, phone numbers, emails, birth dates, and home addresses.

For some users, it also includes payment card details and Social Security numbers, but Dave said these details were encrypted — which ZDNet confirmed after obtaining a copy of the data.


Passwords were also included but were hashed using bcrypt, a hashing function that prevents hackers from viewing the passwords in cleartext.

Dave said that currently, they had no evidence to suggest that hackers used the data to gain access to user accounts and execute any unauthorized actions.
