Not too long ago, cyberattacks from different avenues, directions, and groups were active during this pandemic. Activities such as ransomware attack, phishing attacks, social engineered scams, corporate insider leaks, forced intrusion database breach, and so much more to mention happened had taken place. This is, in fact, the same observation by the Interpol itself. Dave Banking app has become one of the recent victims of these cyberattacks.
Tech Dave is a hot topic because it is a mobile financial app that was recently breached by blackhat hackers whose intention is to profit from the breach. Around 7.5 million data was published in a cybercrime forum for free, yet members will need to donate a fair amount of “credits” to download the content. The culprit with a username ShinyHunters who has a good reputation among the community posted the data.
Personally, identifiable information from Dave
Personally, identifiable information was exposed to the said leak. We can confirm that the contents include the following:
- real names
- phone numbers
- birth dates
- home addresses.
The above exposure means a lot to the individuals concerned, and the companies tied up and partnered with Dave. Those who are affected are now the prime target of spear phishing attacks that may involve identity theft, and possibly sim swapping attacks. The exposed information should not be taken lightly, because, at first glance, they may look harmless. Still, with the right social engineering strategy and tactics, cybercriminals can heist money out of the exposed information.
Here is a screenshot of our researcher’s copy of Dave.com’s leaked data.
Financial Apps are secured
Financial apps are secured, yet not totally foolproof because if it was secure in the first place, this would never have happened. Fortunately, the passwords exposed are in a hashed formatted in bcrypt. This means the account passwords will never be decrypted, for now at least.