Connect with us

Hi, what are you looking for?

Tech & Science

Digital banking app Dave suffers from hacking incident (Includes interview)

The compromised Dave data included the real names of the banking app users, plus phone numbers, emails, birth dates and home addresses as well as encrypted Social Security numbers. The extent of the data loss shows the sophisticated tactics of the hacking group.

READ MORE: ShinyHunters hacker: Mathway data breach reported

The breach was the result of compromised OAuth tokens from Waydev, a former business partner that used to work with Dave. Flood.io has also been breached with the Waydev tokens.

Concerningly, the captured information can theoretically be combined with other information available on the dark web relating to the impacted users, providing fraudsters everything they need to commit a bank account takeover.

Looking at the issue for Digital Journal is Vinay Sridhara, who is the CTO of cybersecurity transformation leader Balbix.

On the Dave breach, Sridhara says: ““The latest hack by ShinyHunters reflects the serious challenges posed by network visibility and user access. Despite the fact that digital banking app Dave no longer worked with Waydev, compromised OAuth tokens used by Waydev exposed the information of 7.5 million Dave users.”

While the issue carries great significance for Dave customers, Sridhara notes that the vulnerabilities that were exposed plague the fintech sector, stating: “Dave is far from alone in struggling to manage vulnerabilities across a rapidly growing digital infrastructure. According to a recent report, nearly half (46 percent) of organizations find it hard to tell which vulnerabilities are real threats versus ones that will never be exploited.”

The analyst adds: “This leaves security teams flying blind when it comes to prioritizing risk and leaves organizations vulnerable to unexpected attacks, such as those exploiting a breach at a former third party partner with access to sensitive data. To manage risk across their networks as well as a growing array of partners, the enterprise needs to tools that can monitor and prioritize vulnerabilities across the entire threat ecosystem, particularly areas with low visibility like user management.”

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Tech & Science

The Tesla Cybertruck is the most searched-for future electric vehicle in the UK.

Business

Tax cuts will have no impact whatsoever.  

Tech & Science

This points to extremely powerful rotating, magnetic winds helping this galaxy’s central supermassive black hole to grow.

Business

The EU warned Apple that its App Store is breaching its DMA rules, placing the iPhone maker at risk of billions of dollars in...