Experts Insight On FinTech Unicorn Dave Data Breach

Date: 2020-07-27

Digital banking app and tech unicorn Dave.com confirmed, in a blog post, the security breach affecting 7,516,625 users on a public forum. Dave said the breach is due to its former business partner, Waydev, an analytics platform used by engineering teams.

EXPERTS COMMENTS
Chris Clements, VP, Cerberus Sentinel
July 28, 2020
The root cause of the breach at Waydev was a blind SQL injection attack.
The data breach of Dave’s customer information highlights the dangers of improper IT security vendor management. Failing to quantify the risk of granting 3rd parties access to sensitive data leads to lax controls and monitoring by many organizations. As part of an effective vendor management program, all business partners that interact with sensitive systems or data should be contractually bound ....
Dr. Vinay Sridhara, CTO, Balbix
July 28, 2020
Dave is far from alone in struggling to manage vulnerabilities across a rapidly growing digital infrastructure.
The latest hack by ShinyHunters reflects the serious challenges posed by network visibility and user access. Despite the fact that digital banking app Dave no longer worked with Waydev, compromised OAuth tokens used by Waydev exposed the information of 7.5 million Dave users, including their real names, phone numbers, emails, birth dates and home addresses as well as encrypted Social Security numb ....
Tim Chiu, Vice President of Marketing, K2 Cyber Security
July 28, 2020
Organizations need to do a few things to better protect themselves against SQL vulnerabilities.
There are two important things to keep in mind here. First, the security of your 3rd party partners is just as important as your own security. We see this over and over again in high profile breaches, including last year’s FBI, Facebook, and Quest Diagnostics breaches. Second, SQL Injection is a threat that’s been around since the inception of the OWASP Top 10 list -- so it should be troubling ....
Tarik Saleh, Senior Security Engineer and Malware Researcher, DomainTools
July 27, 2020
It is essential for companies to design their environment with least privilege in mind.
This breach demonstrates the importance of vetting third parties and implementing security best practices across the entire supply chain. This is not the first time nor will it be the last that cybercriminals circumvent an organisation’s security measures by individuating the weakest link and exploiting it as an entry point. It is essential for companies to design their environment with least pr ....
Javvad Malik, Security Awareness Advocate, KnowBe4
July 27, 2020
Dave claims that the breach occurred through a third party.
The data breach at Dave is probably among the last things people who are already struggling financially need to hear. It's good to hear that Dave hashed passwords with Bcrypt, and they are confident no financial information was stolen, but the fact that names, emails, birth dates, home address, and phone numbers were exposed does make this a significant breach as it gives criminals enough informati ....
