Fintech unicorn Dave.com has suffered a major data breach, with personally identifiable information (PII) on millions of its users exposed online.
According to Dave, which has now notified all affected individuals, third party analytics platform Waydev was responsible for the breach, which is said to have taken place last week.
The leaked database contains a variety of information, including real names, phone numbers, email addresses, birth dates, and home addresses. This was confirmed by ZDNet, which obtained a copy of the data and verified its legitimacy.
The dataset also includes encrypted Social Security numbers and passwords (protected with bcrypt), which is likely why cybercriminal group ShinyHunters is giving the database away for free.
All long-time members of hacking forum RAID can download the database, which is comprised of more than 7.5 million entries. Reports suggest some of the hashed passwords have already been cracked.
Dave has since notified law enforcement of the breach, including the FBI, and cybersecurity firm CrowdStrike has been brought in to assist with the analysis.