Breach Alert – Dave.com

red_flashing_light
For those who use Dave.com, this post is for you.  It seems that Dave.com is the latest company to suffer a data breach.  Due to the information taken, this is a considerable breach as well.  Today’s post will cover details on the breach. Breach Alert – Dave.com
Internet-Security
If you aren’t familiar with Dave.com, they are an Online bank-overdraft-protection and short-term-loan provider. According to the information released, Dave.com has been hit by a data breach, resulting in data of 7,516,625 users being stolen and posted online.

Known Details Of The Breach 

According to the post on the Dave.com blog, Security incident at Dave, via a former 3rd party service provider

a malicious party recently gained unauthorized access to certain user data at Dave, including user passwords that were stored in hashed form using bcrypt, an industry-recognized hashing algorithm.

The stolen information also included some personal user information including names, emails, birth dates, physical addresses and phone numbers. Importantly, this did not affect bank account numbers, credit card numbers, records of financial transactions, or unencrypted Social Security numbers.

So according to the known info on the breach, Dave.com users had their names, email addresses, dates of birth, telephone numbers, and home addresses compromised in the breach. In addition, the hackers were also able to get hold of Social Security numbers and passwords, but that info was encrypted/hash-tagged meaning it’s unlikely the hackers will actually be able to read that data.  There is 1 exception to that of course,  nothing stops a hacker from running tests on your account info using passwords like Password1, Password123, Changeme123, or any of the most common (ridiculous) passwords out there.  If you happen to use one of those, then they probably will find a way to access your account.

Another concern, after this breach, that users of Dave.com should keep in mind, is that since the hackers now have your name, home address, telephone number, email address, and date of birth, that makes you more susceptible to identity theft and also to phishing.

What Can You Do

According to Dave.com

Dave is in the process of notifying all customers of this incident along with performing a mandatory reset of all Dave customer passwords.

So for starters, don’t wait to see if you are notified, change your password.  Next, do you know how to access your credit report?  You can use a site like Credit Karma to keep an eye on your credit or you can look at getting a credit monitoring service like Life Lock to keep an eye on your credit.  Keep in mind the basic services from Credit Karma are free while most credit monitoring charges for their service.

Next, if you use the same email and password combination that you use at Dave.com on other sites, you should go to every one of those other accounts and change your password their as well. You really should not be using the same password to log in to multiple sites, just for this reason.  If you are asking yourself, “How do I remember so many passwords”, there is always a password manager. You can use a password manager like LastPass to keep track of all your passwords, without the need of sticky notes all over your monitor.

monitor sticky

Final Thoughts 

Unfortunately, if you are a customer of Dave.com, you will now have to keep an eye on your information just a little more closely. Just like those folks affected by the Marriott, Dunkin Donuts, Nintendo, and numerous other breaches that have happened.  For everyone else, this is another reminder to check your accounts and check your passwords.  You can’t control if someone breaches a company you have your data at, but you can try to minimize the damage to you, by making sure you don’t use the same info at multiple sites.

Source

Breach Alert – Dave.com

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.