Dave.com, provider of the Dave banking app, has committed a hacker attack. Data from more than 7.5 million users of the app had previously appeared in a public forum. According to the company, the starting point for the break-in was the network of the former partner Waydev, an analytics platform used by developers.
The hacker’s access has now been closed, the spokesman continued. At the moment, they are in the process of informing the users concerned. The app passwords would also be reset.
“As soon as Dave found out about the incident, the company immediately opened an ongoing investigation and coordinated with law enforcement agencies, including the FBI,” said Dave. It is also investigating claims that hackers have cracked some of the stolen passwords and are now trying to sell data from Dave users.
ZDNet USA became aware of the incident on Saturday. A reader pointed out that data from app users was published in a hacking forum called RAID. The hacker registered there as ShinyHunters is also well known. He is also said to have sold data from companies such as Mathway, Tokopedia and Wishbone.
The Dave data is currently available as a free download. However, members of the forum must activate access with previously purchased forum credits. Afterwards, interested parties can access names, telephone numbers, email addresses, dates of birth and addresses of users of the banking app. Certain data such as social security numbers should also be available – but only in encrypted form. The same applies to passwords that have been hashed using bcrypt.
The company currently has no evidence that the hackers have also accessed user accounts. No unauthorized transactions were carried out.