Unicorn Hacked By ShinyHunters

Uploaded on 2020-08-05 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Financial

A leading US Fintech business has revealed it suffered a breach of customers’ personal data via a third party supplier after researchers found a database containing millions of records for sale online.  The company is the  online bank Dave.comwho disclosed the breach when a hacker published the details of its 7,516,625 users on a public hacking forum.

The California bank was launched in 2017 and offers customers a range of digital banking services and was valued at $1bn in 2019 , after just two years in business, conferring it 'Unicorn' status in the startup investment world. 

Dave  issued an official statement confirming the breach: “As the result of a breach at Waydev, one of Dave’s former third party service providers, a malicious party recently gained unauthorised access to certain user data at Dave, including user passwords that were stored in hashed form using bcrypt, an industry-recognised hashing algorithm.” it explained.

The stolen information included user names, emails, birth dates, home addresses and phone numbers but not bank account numbers, credit card numbers or financial records.

However, reports have also emerged that its customers’ details were being traded on the Dark Web. Prolific cyber-crime trader ShinyHunters released the data for free, although in the weeks previous it was being auctioned by a new user on a separate forum.

Although Dave claimed that there’s no evidence the theft has led to financial loss or unauthorised account access, users are at risk since their personal information is freely available to cyber criminals. The passwords could technically be decrypted and then used in credential stuffing across other accounts, while the personal information exposed in the incident could be deployed to make phishing attacks more convincing.

Dave has  plugged the hacker's point of entry and has notified customers of the incident and the banking app passwords exposed have been reset. 

The bank has brought in the cyber security firm CrowdStrike to assist with the investigation and has stated that, while  the security incident did not affect financial data, users should look out for any signs of malicious use of their personal data and to beware of  phishing attempts and to avoid providing personal information on suspicious websites. 

Dave.com      Infosecurity Magazine:          ZDNet:      Cybersafe:         Security Boulevard:  

You Might Also Read: 

Security Flaw Puts UK Bank Customers At Risk:

 

« The Cyber Security Threat From Employees
Cyber Security – Not Just For Data Protection »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Forensic Pathways

Forensic Pathways

Forensic Pathways focus on the provision of digital forensic technologies, offering clients unique technologies in the management of mobile phone data, image analysis and ballistics analysis.

Surevine

Surevine

Surevine builds secure, scalable collaboration solutions for the most security conscious organisations, enabling collaboration on their most sensitive information.

Digital Security

Digital Security

Digital Security is an Ecuadorian company specialized in providing comprehensive information security solutions.

Bridewell

Bridewell

Bridewell provide cost effective Security & Risk Assurance Services across Information Security, Cyber Security, Technology Risk, Security Testing and Data Privacy.

Desec Security

Desec Security

Desec's training platform allows professionals around of the world to acquire knowledge and practical experience in Information Security.

Malleum

Malleum

MALLEUM are specialists in penetration testing and security assessments. We think like hackers – and act like them – to disclose discreet dangers to your organization.

EarlyBirds

EarlyBirds

EarlyBirds is a real-time Open Innovation and OSINT ecosystem that connects organizations with Innovators, Early Adopters, and Subject Matter Experts (SMEs).

DeNexus

DeNexus

DeNexus is the leading provider of cyber risk modeling for industrial networks. Our Mission is to build the Global Standard for Industrial Cyber Risk Quantification.

Crowe

Crowe

Crowe is a public accounting, consulting, and technology firm that combines deep industry and specialized expertise with innovation.

Accops Systems

Accops Systems

Accops enables secure and instant remote access to business applications from any device and network, ensuring compliant enterprise mobility.

PreVeil

PreVeil

We started PreVeil to bring radically better security to ordinary business and personal communication and information storage.

NASK

NASK

NASK is a National Research Institute under the supervision of the Chancellery of the Prime Minister of Poland. Our key activities involve ensuring security online.

BitLyft

BitLyft

BitLyft is a managed detection and response provider that is dedicated to delivering unparalleled protection from cyber attacks for organizations of all sizes.

Jericho Security

Jericho Security

Jericho Security is on a mission to defend the world from the new threats of generative AI cyber attacks.

Xcede

Xcede

Xcede are global technology recruitment specialists. We connect companies with exceptional professionals who empower growth.

Minimus

Minimus

Minimus, a pioneering application security startup, offers a groundbreaking platform that eliminates over 95% of Common Vulnerabilities and Exposures (CVEs) from software supply chains.