Dave, the digital banking and cash advance app, reported a data breach after a bad actor posted a database with the personal information of 7.5 million users on a public hacking forum.
According to the data breach notice, “A malicious party recently gained unauthorized access to some user data” after breaching the systems of Waysez, a former third-party service provider for the company.
The exfiltrated information included user names, emails, dates of birth, home addresses and phone numbers, as well as “user passwords that were stored in hashed form, using Bcrypt, an industry-recognized hashing algorithm.”
“It is important to note that this did not affect any unencrypted bank account numbers, credit card numbers, financial transaction records or social security numbers,” the notification said. “Dave has no evidence that unauthorized actions were taken with any accounts or that a user suffered financial loss as a result of this incident.”
As Cyble’s cybersecurity researchers reported, the stolen data was privately auctioned off on a hacking forum for $16,000. However, on July 24, a data breach broker called ShinyHunter released the entire database for free.
After learning of the incident, Dave.com launched an internal investigation alongside the FBI and third-party cybersecurity consultants. The company said its “security team quickly secured its systems and worked tirelessly to protect customer accounts.”
While Dave.com is still notifying affected customers, a mandatory reset of all account passwords has been implemented. Users are also advised to change passwords for all online accounts that share the same login credentials with the Dave app.
While company officials have made it clear that the security incident did not affect unencrypted financial data or social security numbers, users should look for any signs of malicious use of their personal data. Identity thieves may attempt to contact Dave’s users through social media or email to obtain additional information from victims. Keep an eye out for unsolicited email and phishing attempts, and avoid providing your personal information on bogus links and websites.
*** This is a Security Bloggers Network syndicated blog from HOTforSecurity, written by Alina Bizga. Read the original post at: https://hotforsecurity.bitdefender.com/blog/cash-advance-service-dave-com-reports-data-breach-23817.html