Skip to main content

Fintech unicorn suffers massive data breach, millions of records published online

(Image credit: Image Credit: Balefire / Shutterstock)

Fintech unicorn Dave.com has suffered a major data breach (opens in new tab), with personally identifiable information (PII) on millions of its users exposed online.

According to Dave, which has now notified all affected individuals, third party analytics platform Waydev was responsible for the breach, which is said to have taken place last week.

The leaked database contains a variety of information, including real names, phone numbers, email addresses, birth dates, and home addresses. This was confirmed by ZDNet (opens in new tab), which obtained a copy of the data and verified its legitimacy.

The dataset also includes encrypted Social Security numbers and passwords (protected with bcrypt), which is likely why cybercriminal group ShinyHunters is giving the database away for free.

All long-time members of hacking forum RAID can download the database, which is comprised of more than 7.5 million entries. Reports suggest some of the hashed passwords have already been cracked.

Dave has since notified law enforcement of the breach (opens in new tab), including the FBI, and cybersecurity firm CrowdStrike has been brought in to assist with the analysis.

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.