Connect with us

Hi, what are you looking for?



Digital Banking Service Dave Says Data Stolen in Third-Party Breach

Digital banking service Dave announced over the weekend that user data was compromised in a third-party security incident.

Digital banking service Dave announced over the weekend that user data was compromised in a third-party security incident.

Dave, also known as, provides individuals with loans for overdraft protection, without asking for interest. Although no overdraft fees are charged, the application costs $1 a month to use and users are provided with the option to “tip” after being granted a loan.

The newly disclosed data breach, Dave says, was the result of a security incident at Git analytics tool Waydev, a former service provider for Dave. A malicious actor accessed user data, including passwords.

Earlier this month, Waydev revealed that the security incident involved users of its Waydev GitHub application, with the hackers being able to compromise GitHub OAuth tokens.

Personal details such as emails and names were compromised, and the attackers also cloned GitHub and GitLab projects from the users who connected via GitHub OAuth, the company said. The attackers might have also accessed the Waydev source code, and the company decided to perform a manual audit.

“The stolen information also included some personal user information including names, emails, birth dates, physical addresses and phone numbers. Importantly, this did not affect bank account numbers, credit card numbers, records of financial transactions, or unencrypted Social Security numbers,” Dave said in a breach notification.

According to the company, there’s no evidence that the malicious actors accessed affected user accounts, or that users experienced financial loss as a result of the incident.

Moreover, Dave notes that it stores passwords in hashed form, using the bcrypt hashing algorithm, and that it is already investigating claims by a malicious party that they managed to crack some of these passwords. An investigation into the incident is ongoing, with the FBI involved.

Advertisement. Scroll to continue reading.

Dave also reveals that it is working with cybersecurity firm CrowdStrike to assist with the investigation.

“Dave’s security team quickly secured its systems and has been working around the clock to keep customers’ accounts safe. Dave is in the process of notifying all customers of this incident along with performing a mandatory reset of all Dave customer passwords,” the company says.

Related: LiveAuctioneers Data Breach Impacts 3.4 Million Users

Related: San Francisco Employees’ Retirement System Discloses Data Breach

Related: Design Marketplace Minted Confirms Recent Data Breach

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.


People on the Move

Retired U.S. Army General and former NSA Director Paul M. Nakasone has joined the Board of Directors at OpenAI.

Jill Passalacqua has been appointed Chief Legal Officer at autonomous security solutions provider

Cisco has appointed Sean Duca as CISO and Practice Leader for the APJC region.

More People On The Move

Expert Insights