Unicorn Hacked By ShinyHunters

Uploaded on 2020-08-05 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Financial

A leading US Fintech business has revealed it suffered a breach of customers’ personal data via a third party supplier after researchers found a database containing millions of records for sale online.  The company is the  online bank Dave.comwho disclosed the breach when a hacker published the details of its 7,516,625 users on a public hacking forum.

The California bank was launched in 2017 and offers customers a range of digital banking services and was valued at $1bn in 2019 , after just two years in business, conferring it 'Unicorn' status in the startup investment world. 

Dave  issued an official statement confirming the breach: “As the result of a breach at Waydev, one of Dave’s former third party service providers, a malicious party recently gained unauthorised access to certain user data at Dave, including user passwords that were stored in hashed form using bcrypt, an industry-recognised hashing algorithm.” it explained.

The stolen information included user names, emails, birth dates, home addresses and phone numbers but not bank account numbers, credit card numbers or financial records.

However, reports have also emerged that its customers’ details were being traded on the Dark Web. Prolific cyber-crime trader ShinyHunters released the data for free, although in the weeks previous it was being auctioned by a new user on a separate forum.

Although Dave claimed that there’s no evidence the theft has led to financial loss or unauthorised account access, users are at risk since their personal information is freely available to cyber criminals. The passwords could technically be decrypted and then used in credential stuffing across other accounts, while the personal information exposed in the incident could be deployed to make phishing attacks more convincing.

Dave has  plugged the hacker's point of entry and has notified customers of the incident and the banking app passwords exposed have been reset. 

The bank has brought in the cyber security firm CrowdStrike to assist with the investigation and has stated that, while  the security incident did not affect financial data, users should look out for any signs of malicious use of their personal data and to beware of  phishing attempts and to avoid providing personal information on suspicious websites. 

Dave.com      Infosecurity Magazine:          ZDNet:      Cybersafe:         Security Boulevard:  

You Might Also Read: 

Security Flaw Puts UK Bank Customers At Risk:

 

« The Cyber Security Threat From Employees
Cyber Security – Not Just For Data Protection »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

INSUREtrust

INSUREtrust

INSUREtrust is a pioneer in the industry, inventing the concept of cyber insurance.

Holm Security

Holm Security

Holm Security are taking vulnerability assessment into the next generation as a cloud service.

Futurex

Futurex

Futurex is a globally recognized provider of enterprise-class data encryption solutions.

Cyber Forensic & Investigation (CFI)

Cyber Forensic & Investigation (CFI)

Cyber Forensic & Investigation (CFI) is recognized as Thailand’s leader in cyber investigations and digital forensics.

Grupo CFI

Grupo CFI

Grupo CFI is the largest Spanish network of data protection and cybersecurity professionals.

GM Security Technologies

GM Security Technologies

GM Security Technologies provides leading managed security services of the highest quality to every type of individual and organization in Puerto Rico, Caribbean and Latin America.

Cyber Pop-Up

Cyber Pop-Up

Cyber Pop-Up provide on-demand access to top security experts. No recruiting. No onboarding. No overhead costs.

Tesserent

Tesserent

Tesserent (formerly Pure Security) is a full-service cybersecurity solutions provider. We partner with clients across Australia and New Zealand in the protection of their digital assets.

RhodeCode

RhodeCode

RhodeCode is an open source repository management platform. It provides unified security and team collaboration across Git, Subversion, and Mercurial.

Center for Infrastructure Assurance and Security (CIAS)

Center for Infrastructure Assurance and Security (CIAS)

CIAS is developing the world's foremost center for multidisciplinary education and development of operational capabilities in the areas of infrastructure assurance and security.

LimaCharlie

LimaCharlie

LimaCharlie gives security teams full control over how they manage their security infrastructure. Get full visibility, build what you want, control your data, get the security capabilities you need.

Zenity

Zenity

Zenity is the first and only security governance platform for low-code/no-code applications.

Esprinet

Esprinet

The Esprinet Group is an enabler of the technology ecosystem: a team of people who promote access to technology through an extensive network of professional resellers.

Filigran

Filigran

Filigran provides threat intelligence, adversary simulation and crisis response open solutions to thousands of cybersecurity and crisis management teams across the world.

Baidam Solutions

Baidam Solutions

Baidam Solutions is a 100% Australian owned and operated First Nations information technology business.

Softanics

Softanics

Softanics’ ArmDot protects .NET apps with advanced obfuscation, control flow protection, and virtualization, securing code against reverse engineering without requiring agents or environment changes.