As the year drags on data breaches continue to pile up. Even though most people have been indoors avoiding exposure to COVID-19, hackers have been hard at work pilfering data and selling it for profit on sketchy Dark Web marketplaces.
The breaches have become bad enough, in fact, that the black market for data is saturated with stolen accounts. Nowadays, it’s easy and cheap enough to simply buy stolen accounts rather than do the heavy lifting and hack them yourself. Tap or click here to see just how inexpensive it is to buy a person’s entire digital life.
Out of all the cyberattacks we’ve seen, breaches targeting financial apps and institutions tend to be the most destructive. And that’s exactly what happened with Dave, a popular overdraft protection app that recently saw as many as 7.5 million user records stolen from one of its affiliates. Here’s what it means, and what you can do to keep your finances safe.
7.5 million Dave accounts up for sale on the Dark Web
According to Bleeping Computer, overdraft protection and cash advance service Dave has fallen victim to a wide-scale cyberattack affecting up to 7.5 million people. The data appears to have been stolen from Waydev, a former service provider that maintained records from Dave users — including names, passwords, emails and phone numbers.
This breach is especially concerning given what Dave does and how it’s used. The app provides short-term loans that protect users from being affected by bank overdrafts and late payments. It can also be used to advance paychecks. This means Dave is in close contact with sensitive financial information like bank account and Social Security numbers.
Representatives from Dave emphasize that the stolen data does not include bank account numbers, credit card numbers, transaction records or Social Security numbers. However, users may be at significant risk if they share the password they use for Dave with other online accounts — particularly with bank and financial apps.
The culprit for the breach appears to be none other than ShinyHunter, a hacking collective responsible for several other high-profile breaches in recent months. Tap or click here to see more of the ShinyHunter’s handiwork.
The data was initially auctioned off on Dark Web markets, which netted the original hackers some profit for their efforts. But following the auction, the data appears to have been released online free of charge, which means any bored or dedicated hackers could exploit it to their own ends.
How can I protect myself from this breach?
As representatives from Dave said, your biggest risk comes from sharing your password across multiple sites. Many people tend to share passwords for similar apps, and considering Dave is a financial app, it’s in your best interest to change your password to something much stronger. Tap or click here to find out how to generate stronger passwords.
Dave, to its credit, has officially confirmed the breach and is notifying victims while urging everyone using the service to reset their passwords.
Beyond that, it’s also in your best interest to check to see if your information was included in the leak. You can look up whether your data was included in this (and other) infamous breaches by checking with HaveIBeenPwned, a website that keeps tally of data breaches and Dark Web market shenanigans. Tap or click here to find out more about HaveIBeen Pwned.
Google also offers a password checkup tool that will tell you if any passwords you’re using are compromised or available on sketchy marketplaces. Tap or click here to find out more about Google’s offering.
But to keep yourself as safe as possible, a full suite of identity protection software is what you need. You can get all that and more when you subscribe to our sponsor Identity Guard, which features real-time security checks on social media and Dark Web markets, Identity Theft Insurance, and free credit reporting to help keep you safe.
It might seem like a drag that we, as users, have to take steps to secure our privacy. But on the other hand, why trust a company capable of leaking or getting hacked with such a sensitive task?