Dave is a banking company, and its app is one of the most used digital banking apps that has recently met with a massive security data breach.
The investigation reports reveals that, about 8.4 billion records have been identified in the first portion of the year 2020, and this implies a 273% rise from the first half of the year 2019 in which 4.1 billion data was exposed.
Dave enables users to link their bank accounts and get cash in advance for the upcoming bill to avoid overdraft expenses. Even it also provides a payday loan up to $100 to the subscribers who need additional money to settle a bill.
Data Breached
According to the Cyble report, hackers advertised all the data of 7,516,625 users on a public forum; and here, the security breach was dawned on the network of a previous business associate, Waydev, it’s an analytics program that was used by engineering teams.
After performing an in-depth investigation, Cyble discovered the “ShinyHunters” hacker group is behind this breach who dripped 7.5 million user data from Dave.com.
Here, the threat actors initially aimed to trade a large amount of data on an auction, but after that, the hackers released the data on the forum for free. Here are the list of personal data involved in this security breach:-
- Full Name
- Date of Birth
- Phone Number
- Email Address
- User ID
- Risepay ID
- Residential Address
- Synapsepay ID
After getting a notice about the security data breach, Dave started to notify all their customers regarding the security breach, and also asked them to reset their password.
IOCs
Apart from this, the main motive of the threat actors are not known yet. But, Cyble always summarizes these types of security breaches to inform users about the risks that are linked with utilizing the online services.
The ShinyHunters organization is acknowledged for their work; they target GitHub accounts and utilize that to steal access gifts and tokens. That’s why we have mentioned the list of GitHub accounts that are linked with the ShinyHunters, and here they are:-
- aws-update[.]net
- corp-github[.]com
- ensure-https[.]com
- git-hub[.]co
- git-secure-service[.]in
- githb[.]co
- glt-app[.]net
- glt-hub[.]com
- glthub[.]co
- glthub[.]info
- glthub[.]net
- glthubb[.]info
- glthube[.]app
- glthubs[.]com
- glthubs[.]info
- glthubs[.]net
- glthubse[.]info
- slack-app[.]net
- ssl-connection[.]net
- sso-github[.]com
- sts-github[.]com
- tsl-github[.]com
- data-github[.]com
- gilthub[.]com
- gïthub[.]com
- githube[.]app
- githubs[.]info
- gltgub[.]net
- glthhubs[.]net
- gthub[.]co
- Xn–gthub-cta[.]com
Necessary Measures
After knowing all about this security breach, Dave started notifying their customers, and recommended a few necessary measures so that the users can stay safe; here are they:-
- Do not share any personal information over the phone, Emails, and SMS.
- Always keep an eye on all your financial transactions regularly.
- Always use multi-factor authentication and a strong password.
- Use a reliable anti-virus and internet security software package.
- Do not forget to turn on the automatic software update feature.
Moreover, Dave has already informed the FBI and requested for proper investigation on the matter, and reported all its users regarding this security breach.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.
Also Read:
Over 15 Billion Stolen Username & Passwords for Sale On the Dark Web
British Airline EasyJet Hacked – Chinese Hackers Stolen 9 Million Customers Data
San Francisco International Airport HACKED – Hackers Steal Users Windows Login Credentials
