Attackers have gained unauthorised access to user data at digital banking app developer Dave, with details of more than 7.5 million customers reportedly published on a hackers’ forum.
The security breach involved former third-party service provider Waydev. The stolen information includes passwords stored in hashed form using bcrypt, names, emails, birth dates, physical addresses and phone numbers.
“Importantly, this did not affect bank account numbers, credit card numbers, records of financial transactions, or unencrypted Social Security numbers,” the company said in a blog on its website.
“Dave has no evidence that any unauthorised actions were taken with any accounts or that any user has experienced any financial loss as a result of this incident.”
The company is investigating the hack and coordinating with law enforcement agencies including the FBI in the US following claims by a “malicious party” that it has cracked some of the passwords and is attempting to sell customer data.
The company’s security team secured its systems and has been “working around the clock” to keep customers’ accounts safe, Dave said, adding it is notifying all customers of the incident and resetting their passwords.
The app provider has employed cybersecurity consultant CrowdStrike to assist.
Catch the replays and discover the best talks from Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.