Overdraft protection and cash advance service Dave has suffered a data breach after a database containing 7.5 million user records was sold in an auction and then released later for free on hacker forums.
Dave is a fintech company that allows users to link their bank accounts and receive cash advances for upcoming bills to avoid overdraft fees. Subscribers who need extra money to pay a bill can get a payday loan up to $100, but cannot receive another loan until it is repaid.
A threat actor released a database containing 7,516,691 users records for free on a hacker forum on Friday.
After reaching out to Dave regarding their database being leaked, Dave disclosed the incident as a data breach a day later.
In a statement sent to BleepingComputer last night, Dave says their database was breached after Waydev, a former third-party service provider used by the company was breached.
“As the result of a breach at Waydev, one of Dave’s former third party service providers, a malicious party recently gained unauthorized access to certain user data at Dave, including user passwords that were stored in hashed form, using bcrypt, an industry-recognized hashing algorithm.”
“The stolen information also included some personal user information including names, emails, birth dates, physical addresses and phone numbers. Importantly, this did not affect bank account numbers, credit card numbers, records of financial transactions, or unencrypted Social Security numbers. Dave has no evidence that any unauthorized actions were taken with any accounts or that any user has experienced any financial loss as a result of this incident.”
Full article on https://nationalcybersecuritynews.today/dave-data-breach-affects-7-5-million-users-leaked-on-hacker-forum-databreach-pentest-hacker/
#databreach #dave #leak #hacker #yokdata