Connect with us

Hi, what are you looking for?

Tech & Science

Digital banking app Dave suffers from hacking incident (Includes interview)

The compromised Dave data included the real names of the banking app users, plus phone numbers, emails, birth dates and home addresses as well as encrypted Social Security numbers. The extent of the data loss shows the sophisticated tactics of the hacking group.

READ MORE: ShinyHunters hacker: Mathway data breach reported

The breach was the result of compromised OAuth tokens from Waydev, a former business partner that used to work with Dave. Flood.io has also been breached with the Waydev tokens.

Concerningly, the captured information can theoretically be combined with other information available on the dark web relating to the impacted users, providing fraudsters everything they need to commit a bank account takeover.

Looking at the issue for Digital Journal is Vinay Sridhara, who is the CTO of cybersecurity transformation leader Balbix.

On the Dave breach, Sridhara says: ““The latest hack by ShinyHunters reflects the serious challenges posed by network visibility and user access. Despite the fact that digital banking app Dave no longer worked with Waydev, compromised OAuth tokens used by Waydev exposed the information of 7.5 million Dave users.”

While the issue carries great significance for Dave customers, Sridhara notes that the vulnerabilities that were exposed plague the fintech sector, stating: “Dave is far from alone in struggling to manage vulnerabilities across a rapidly growing digital infrastructure. According to a recent report, nearly half (46 percent) of organizations find it hard to tell which vulnerabilities are real threats versus ones that will never be exploited.”

The analyst adds: “This leaves security teams flying blind when it comes to prioritizing risk and leaves organizations vulnerable to unexpected attacks, such as those exploiting a breach at a former third party partner with access to sensitive data. To manage risk across their networks as well as a growing array of partners, the enterprise needs to tools that can monitor and prioritize vulnerabilities across the entire threat ecosystem, particularly areas with low visibility like user management.”

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Business

This cluster MUST be fixed, ASAP. It’s too dangerous to be allowed to continue.

Entertainment

Actresses Nancy McKeon ("The Facts of Life") and Johanna Day portrayed "Pen Pals" in Off-Broadway play.

Business

"Nobody wants to be associated with Musk's behaviour," said German automotive industry expert Ferdinand Dudenhoeffer.

World

Palestinians cross the Netzarim Corridor as they make their way to the north of Gaza - Copyright AFP Eyad BABAAFP team in Gaza City...