Unicorn Hacked By ShinyHunters

A leading US Fintech business has revealed it suffered a breach of customers’ personal data via a third party supplier after researchers found a database containing millions of records for sale online. The company is the online bank Dave.com, which disclosed the breach when a hacker published the details of its 7,516,625 users on a public hacking forum.

The California bank was launched in 2017 and offers customers a range of digital banking services. It was valued at $1bn in 2019, after just two years in business, conferring on it 'Unicorn' status in the startup investment world.

Dave issued an official statement confirming the breach: “As the result of a breach at Waydev, one of Dave’s former third party service providers, a malicious party recently gained unauthorised access to certain user data at Dave, including user passwords that were stored in hashed form using bcrypt, an industry-recognised hashing algorithm,” it explained.

The stolen information included user names, emails, birth dates, home addresses and phone numbers but not bank account numbers, credit card numbers or financial records.

However, reports have also emerged that its customers’ details were being traded on the Dark Web. Prolific cyber-crime trader ShinyHunters released the data for free, although in the preceding weeks it had been auctioned by a new user on a separate forum.

Although Dave claimed that there’s no evidence the theft has led to financial loss or unauthorised account access, users are at risk since their personal information is freely available to cyber criminals. The hashed passwords could technically be cracked and then used in credential stuffing against other accounts, while the personal information exposed in the incident could be used to make phishing attacks more convincing.

Dave has plugged the hacker's point of entry, notified customers of the incident and reset the exposed banking app passwords.

The bank has brought in the cyber security firm CrowdStrike to assist with the investigation and has stated that, while the security incident did not affect financial data, users should look out for any signs of malicious use of their personal data, beware of phishing attempts and avoid providing personal information on suspicious websites.

Sources: Dave.com, Infosecurity Magazine, ZDNet, Cybersafe, Security Boulevard
