Unicorn Hacked By ShinyHunters

A leading US fintech business has revealed it suffered a breach of customers’ personal data via a third party supplier after researchers found a database containing millions of records for sale online. The company is the online bank Dave.com, which disclosed the breach when a hacker published the details of its 7,516,625 users on a public hacking forum.

The California bank was launched in 2017 and offers customers a range of digital banking services. It was valued at $1bn in 2019, after just two years in business, conferring on it 'Unicorn' status in the startup investment world.

Dave issued an official statement confirming the breach: “As the result of a breach at Waydev, one of Dave’s former third party service providers, a malicious party recently gained unauthorised access to certain user data at Dave, including user passwords that were stored in hashed form using bcrypt, an industry-recognised hashing algorithm,” it explained.

The stolen information included user names, emails, birth dates, home addresses and phone numbers but not bank account numbers, credit card numbers or financial records.

However, reports have also emerged that its customers’ details were being traded on the Dark Web. Prolific cyber-crime trader ShinyHunters released the data for free, although in the preceding weeks it was being auctioned by a new user on a separate forum.

Although Dave claimed that there’s no evidence the theft has led to financial loss or unauthorised account access, users are at risk since their personal information is freely available to cyber criminals. The hashed passwords could technically be cracked and then used in credential stuffing across other accounts, while the personal information exposed in the incident could be used to make phishing attacks more convincing.

Dave has plugged the hacker's point of entry, notified customers of the incident and reset the banking app passwords that were exposed.

The bank has brought in the cyber security firm CrowdStrike to assist with the investigation and has stated that, while the security incident did not affect financial data, users should look out for any signs of malicious use of their personal data, beware of phishing attempts and avoid providing personal information on suspicious websites.

