The financial services app confirms user data was compromised in a data breach at its former third-party provider, WayDev.
Financial services app Dave has confirmed a security incident after 7.5 million users' data was released on a hacker forum late last week. The company disclosed an incident on Saturday and said it was the result of a cyberattack against its former third-party service provider, WayDev.
Dave is a financial technology company that aims to help customers avoid overdraft fees with cash advances, as well as with automated budgeting, finding side jobs, and building better credit.
In a blog post, Dave says an attacker gained access to user data, including names, emails and physical addresses, birthdates, and phone numbers. The attacker was also able to access user passwords stored in hashed form using bcrypt. Bank account numbers, credit card numbers, financial transaction records, and unencrypted Social Security numbers were not affected.
There is no evidence the attacker took unauthorized actions with any of the accounts or that a Dave user has experienced financial loss following the incident.
When it learned of the breach, Dave says it initiated an ongoing investigation and coordinated with law enforcement, including the FBI. Its team secured its systems and is notifying customers. The company is also enforcing a mandatory reset of all customer passwords.
Details of the WayDev breach are not known at this time. Read Dave's full disclosure here and more details on the incident here.
Register now for this year's fully virtual Black Hat USA, scheduled to take place August 1–6, and get more information about the event on the Black Hat website. Click for details on conference information and to register.
About the Author(s)
You May Also Like
Unleash the Power of Gen AI for Application Development, Securely
March 19, 2024The Anatomy of a Ransomware Attack, Revealed
March 20, 2024How To Optimize and Accelerate Cybersecurity Initiatives for Your Business
March 26, 2024Building a Modern Endpoint Strategy for 2024 and Beyond
March 27, 2024Building a Modern Endpoint Strategy for 2024 and Beyond
March 27, 2024