Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the accelerated-mobile-pages domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /www/cisomagcom_810/public/wp-includes/functions.php on line 6121

Deprecated: Optional parameter $options declared before required parameter $ad is implicitly treated as a required parameter in /www/cisomagcom_810/public/wp-content/plugins/advanced-ads/classes/display-conditions.php on line 208

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the easy-digital-downloads domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /www/cisomagcom_810/public/wp-includes/functions.php on line 6121

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the edd_cfm domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /www/cisomagcom_810/public/wp-includes/functions.php on line 6121

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the edds domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /www/cisomagcom_810/public/wp-includes/functions.php on line 6121

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the edd-recurring domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /www/cisomagcom_810/public/wp-includes/functions.php on line 6121

Deprecated: Optional parameter $params declared before required parameter $secretWord is implicitly treated as a required parameter in /www/cisomagcom_810/public/wp-content/plugins/edd-2checkout/sdk/lib/Twocheckout/TwocheckoutReturn.php on line 6

Deprecated: Optional parameter $insMessage declared before required parameter $secretWord is implicitly treated as a required parameter in /www/cisomagcom_810/public/wp-content/plugins/edd-2checkout/sdk/lib/Twocheckout/TwocheckoutNotification.php on line 6

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the edd-recurring domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /www/cisomagcom_810/public/wp-includes/functions.php on line 6121

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the Newsmag domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /www/cisomagcom_810/public/wp-includes/functions.php on line 6121

Warning: Cannot modify header information - headers already sent by (output started at /www/cisomagcom_810/public/wp-includes/functions.php:6121) in /www/cisomagcom_810/public/wp-content/themes/Newsmag/functions.php on line 616

Warning: Cannot modify header information - headers already sent by (output started at /www/cisomagcom_810/public/wp-includes/functions.php:6121) in /www/cisomagcom_810/public/wp-includes/feed-rss2.php on line 8
Waydev Archives - CISO MAG | Cyber Security Magazine Beyond Cyber Security Mon, 19 Jul 2021 06:11:39 +0000 en-US hourly 1 https://wordpress.org/?v=6.8.1 Dave’s User Database Available for Free Download on Hacking Forums https://staging-cisomagcom.kinsta.cloud/dave-data-breach/ Mon, 27 Jul 2020 13:59:20 +0000 https://staging-cisomagcom.kinsta.cloud/?p=6490 Dave, a digital banking and overdraft protection service provider, confirmed that a data breach incident compromised 7,516,625 of its user details. The leaked data includes personally identifiable information (PII) like names, email IDs, birth dates, physical addresses, and phone numbers. The investigation will be carried out in accordance with FBI’s directives. Key Highlights of Dave […]

The post Dave’s User Database Available for Free Download on Hacking Forums appeared first on CISO MAG | Cyber Security Magazine.

]]> Dave, a digital banking and overdraft protection service provider, confirmed that a data breach incident compromised 7,516,625 of its user details. The leaked data includes personally identifiable information (PII) like names, email IDs, birth dates, physical addresses, and phone numbers. The investigation will be carried out in accordance with FBI’s directives.

Key Highlights of Dave Data Breach

  • The data breach took place through Waydev – a former third-party service provider for Dave.
  • 7,516,625 Dave users were affected due to the data breach.
  • The leaked information included user(s) names, email IDs, birth dates, physical addresses, and phone numbers, and passwords stored in hashed form using bcrypt.
  • No bank account or credit card numbers, records of financial transactions, or unencrypted Social Security numbers (SSN) of its users were compromised.
  • The leaked records were put on the underground forum by a threat actor popularly known as “ShinyHunters”.
  • Dave reported the incident to appropriate law enforcement authorities and is now working with the FBI for further investigations.
  • Dave also onboarded CrowdStrike, to assist in the further investigation as a cybersecurity consultant.
  • All its users will be asked to do a mandatory password reset for their accounts as a precautionary measure.

The First Traces

The leaked information first surfaced when a cybercriminal put a sale advert on an underground forum called RAID. The sale of the entire database was offered for $16,000 (i.e. approximately $470 per record). The ad was later removed, probably due to the successful sale of the leaked database. However, the same database later appeared on other forums but this time as a free download by a notorious threat actor named “ShinyHunters”. This is the same threat actor who is responsible for various other mega hacks and publishing of user records like Tokopedia, Unacademy, Wishbone, and many more.

In a blogpost, Dave informed that it had no evidence of any unauthorized actions taken with any of its user accounts or that any user had experienced any financial loss because of this incident. Dave’s security team quickly secured its systems and has been working around the clock to keep the user accounts safe.

However, this entire incident yet again highlights the limitations and dangers of not having a fully equipped third-party management system, since such data thefts can eventually lead to the downfall of any organization’s cybersecurity posture.

Check this story to know more about The Role of Third-Party Management in Cybersecurity

The post Dave’s User Database Available for Free Download on Hacking Forums appeared first on CISO MAG | Cyber Security Magazine.

]]>