A recent data breach of Dave, an online banking service, has users of the service searching for answers. Hackers often target digital banking services for their plethora of consumer records. In 2018, hackers leaked the information of 2.8 billion consumer data records, costing $654 billion in damages to U.S. organizations. Additionally, since the start of COVID-19, there has been a 50 percent increase in mobile banking. Dave is a fintech company that allows users to link their bank accounts and loan payments for upcoming bills to avoid overdraft fees. The Dave.com data breach occurred after the company’s third-party service provider, Waydev, was breached, allowing hackers access to over seven million users’ data.
Dave suffered an attack, resulting in 7,516,625 user records being published on RAID, a hacker forum. Some of the information that was exposed from the Dave.com data breach included names, emails, birth dates, physical addresses, phone numbers, encrypted Social Security numbers and Bcrypt hashed passwords. The company uncovered the hacker’s access point into the database and has since notified customers of the exposure. After becoming aware of the incident, Dave enlisted law enforcement and the FBI to conduct an ongoing investigation, according to ZDNet.
What Does This Mean for You?
While there is no evidence that hackers have used the data from the Dave.com data breach to gain access to accounts or conduct any unlawful actions, there is still a lot of harm that could potentially be done. One threat is social engineering, where someone manipulates someone else into divulging personal information. Since multiple forms of information were exposed, there is an even higher and potentially more harmful risk for those impacted.
While the threat level is not as high as social engineering, hackers could also target victims with mail-forwarding and sign up for accounts with the victim’s information.
Next Steps to Take
Affected users of Dave should consider taking immediate action to minimize the risks of identity theft. Some important next steps include:
- Change the usernames and passwords on any accounts that share a username and password with their Dave.com account – opt for a stronger, unique passphrase
- Look out for account sign-ups and websites which they are not familiar
- Avoid clicking on any links or opening any attachments in messages they are not expecting or giving out personal information on the phone. Instead, users should reach out directly to verify the validity of the message.
Anyone affected by the Dave.com data breach can call the Identity Theft Resource Center (ITRC) toll-free at 888.400.5530 for more information on the next steps they need to take. They can also live-chat with an expert advisor. Finally, victims should consider downloading the free ID Theft Help app for access to resources, a case log to track their activities in managing their data breach case and much more.
You might also like…