Unicorn company Dave.com has warned its users about a data breach.
Mobile banking app developer Dave.com, a tech unicorn, has confirmed data breaches of 7.5 million of its users. According to the company’s blog, the leak came from its former service provider, Waydev.
Unidentified attackers gained unauthorized access to some of Dave’s user data, including passwords encrypted using the bcrypt hashing algorithm, names, email addresses, dates of birth, residential addresses, and phone numbers. The leak did not affect credit card and bank account numbers, money transfer history, and unencrypted social security numbers.
No signs of illegal use of the leaked data or financial losses were found. However, a cybercriminal going by the pseudonym ShinyHunters claimed to be able to decrypt some of the passwords and posted them on the RAID hacker forum for free download. SecurityLab previously wrote about ShinyHunters in connection with the data leakage of users of the Mathway service, the hacking of a Microsoft account in the GitHub service and the Wishbone application .
As soon as the company became aware of the incident, an investigation was immediately initiated with the participation of the FBI. Dave managed to detect and block the entry point used by the attackers. The company also reset all passwords of users of the banking application and sent notifications to them.
A unicorn company is a privately held startup that has been valued at more than $1 billion in five years. The term was coined in 2013 by venture capitalist and owner of Cowboy Ventures, Aileen Lee.