7.5M Banking Customers Affected in Dave Security Breach
The financial services app confirms user data was compromised in a data breach at its former third-party provider, WayDev.
Financial services app Dave has confirmed a security incident after 7.5 million users' data was released on a hacker forum late last week. The company disclosed an incident on Saturday and said it was the result of a cyberattack against its former third-party service provider, WayDev.
Dave is a financial technology company that aims to help customers avoid overdraft fees with cash advances, as well as with automated budgeting, finding side jobs, and building better credit.
In a blog post, Dave says an attacker gained access to user data, including names, emails and physical addresses, birthdates, and phone numbers. The attacker was also able to access user passwords stored in hashed form using bcrypt. Bank account numbers, credit card numbers, financial transaction records, and unencrypted Social Security numbers were not affected.
There is no evidence the attacker took unauthorized actions with any of the accounts or that a Dave user has experienced financial loss following the incident.
When it learned of the breach, Dave says it initiated an ongoing investigation and coordinated with law enforcement, including the FBI. Its team secured its systems and is notifying customers. The company is also enforcing a mandatory reset of all customer passwords.
Details of the WayDev breach are not known at this time. Read Dave's full disclosure here and more details on the incident here.
Register now for this year's fully virtual Black Hat USA, scheduled to take place August 1–6, and get more information about the event on the Black Hat website. Click for details on conference information and to register.
About the Author
You May Also Like