Dave.com, which aims to be the finance version of David and Goliath taking on the big banks and “helping millions with money challenges,” has confirmed that a security breach took place on its platform.
Dave, which claims to have “reinvented” many areas of traditional finance, such as no-interest cash advances, income creation, and “un-bounceable” checks, noted:
“As the result of a breach at Waydev, one of Dave’s former third party service providers, a malicious party recently gained unauthorized access to certain user data at Dave, including user passwords that were stored in hashed form using bcrypt, an industry-recognized hashing algorithm.”
The Dave team further mentioned in a blog post published on July 25, 2020, that the stolen user data included personal details such as names, emails, birth dates, physical addresses and phone numbers.
Dave clarified that the security breach didn’t affect customers’ bank account numbers, credit card numbers, records of financial transactions, or their unencrypted Social Security numbers.
The company claims:
“Dave has no evidence that any unauthorized actions were taken with any accounts or that any user has experienced any financial loss as a result of this incident.”
Dave also mentioned that as soon as it became aware of the issue, it immediately began an investigation, which is ongoing, and that the service provider is coordinating with law enforcement officials, including the US Federal Bureau of Investigation (FBI), around “claims by a malicious party that it has ‘cracked’ some of these passwords and is attempting to sell Dave customer data.”
Dave claims that its security team has managed to secure its systems and has been working to ensure that customers’ accounts remain safe. Dave confirmed that it’s currently notifying all clients of the recent incident and the company is also carrying out a “mandatory” reset of all Dave customer passwords.
Dave has also been working with CrowdStrike, a cybersecurity consultant, in order to resolve the issue.
The World Economic Forum (WEF) Fintech Cybersecurity Consortium recently recommended adopting clear and actionable cybersecurity guidelines for Fintech firms.
The report points out that if an organization’s information security teams are provided with the appropriate tools to clearly explain how their actions will protect the financial assets of a business, then the executive team is “more likely to understand and prioritize security, making it a core part of their firm’s business growth plans.”
In May 2020, 75% of IT professionals responding to a survey said that major changes were made to Fintech firms’ cybersecurity programs while working remotely due to COVID-19.