A US-based fintech giant has publicly released a statement detailing a data breach the company suffered after researchers discovered a malicious database selling users’ personal information. The company is called Dave and offers digital banking services to its users. Over the past week, researchers investigated claims that Dave’s customers’ details were being sold on dark web markets, eventually discovering the database for free on Friday.
A hacker by the name of ShinyHunters released the information for free on Friday, however, in previous weeks it was posted for sale by a different vendor and being auctioned off for money. The vendors state that the database contains over 7.5 million records that are associated with three million different email addresses. The data is appealing as it contains names, emails, birth dates, physical addresses, and phone numbers and could be used for a variety of phishing attacks.
