Dave.com, an online bank overdraft protection and short-term loan provider, suffered a data breach in which the data of 7,516,625 users was stolen and posted online.
Dave.com confirmed in a blog post on Saturday (July 25) that it was targeted by hackers and user data was uploaded to an Internet forum.
Dave.com told ZDNet that the hackers first broke into the systems of Waydev, an engineering analysis and code tracking platform with which Dave.com had previously collaborated. A Dave.com spokesperson stated: "As a result of the breach at Waydev, one of Dave.com's former third-party service providers, a malicious individual recently gained unauthorized access to certain user data on Dave.com."
The statement published on ZDNet is identical to the one in Dave.com's blog post about the incident.
Waydev's breach also resulted in data being stolen from other companies, including software testing service Flood.io, ZDNet reported Monday (July 27).
The stolen Dave.com personal information was provided for free by a notorious individual or group called ShinyHunters on hacker forums beginning July 24.
However, Bleeping Computer reported that Dave.com data was first offered for sale on another hacker forum earlier this month, and the seller does not appear to be ShinyHunters. Breach tracking firm Cyble told Bleeping Computer that the data was eventually sold for $16,000.
Dave.com users had their names, e-mail addresses, dates of birth, phone numbers, and home addresses compromised.
Hackers were also able to obtain Social Security numbers and passwords, but ZDNet reports that the former were encrypted and the latter were hashed with the very strong hashing algorithm Bcrypt.
Since learning of the breach, Dave has been alerting customers, forcing them to change their passwords, and working with law enforcement officials to get to the bottom of the incident.
A spokesperson added, "As soon as Dave learned of the incident, the company immediately began an investigation, which is ongoing."
There are several steps that Dave.com users can take to protect themselves. First, if you have a Dave.com account and have used the same username and password for other accounts, you should immediately change the passwords for those other accounts.
Dave.com states that the passwords are hashed using Bcrypt and have never been successfully cracked, but password crackers may still be able to recover weak or common passwords.
All new passwords should be strong and unique. The best way to do this is to use one of the best password managers.
Second, we do not know how strongly encrypted the Social Security numbers compromised in this data breach are. However, since the breach also included full names, dates of birth, and home addresses, it is safe to assume that SSNs may have been compromised as well.
Since these four pieces of data are all that is needed to steal your identity, you may want to consider signing up for one of the best identity theft protection services. I'll wait a few days to see if Dave.com and/or Waydev offer to pick up the tab for everyone affected. If not, it's up to me to protect my identity and my credibility.
Jake Moore, a security specialist at ESET, told Tom's Guide: "But it is a worthwhile reminder to give only absolutely necessary personal information to companies that request it to minimize risk."
We also recommend that you read the dedicated step-by-step guide on Tom's Guide on what to do after a data breach.