“Shiny Hunters” Group Is Selling User Records From 11 Companies on the Dark Web
Last updated September 17, 2021
‘Dave.com,’ a contemporary banking platform with millions of users on both the Android and the iOS platform, has blundered heavily with a large number of data that seems to belong to its userbase has appeared on the dark web. Cyble has stumbled upon this data during their daily dark web and deep web sweeping, finding seven million user records that are actually offered for free by "ShinyHunters".
Already, the leaked user records have been downloaded by a large number of users in the particular dark web forum, so the compromise must be considered certain and irreversible.
Dave.com hasn’t made any announcements yet, so one reason might be they never realized that hackers breached them. The other could be that they simply opted for the “pretend nothing has happened” approach, hoping that the data’s appearance on the dark web won’t draw the attention of any media. It is commendable that breached entities are still investing their wishes in this approach, even though it has been repeatedly proven that things never work out this way.
Dave.com is a relatively new company that rose very quickly, but a security incident like the present one could threaten its existence.
Cyble reports that the data that’s offered for free contains the following information:
This data seems to derive from direct database exfiltration since it is offered in a structured table format, as shown in the image above.
As for how the actors managed to get their hands into this data, there are claims of phishing emails that targeted ‘Dave.com’ employees. The hackers even clarified that they found the contact information of their victims through LinkedIn, Crunchbase, and Angel. Although these claims cannot be confirmed, we don’t see why the hackers would lie about their methods.
In fact, this “open mocking” of the ‘Dave.com’ service and its employees is consistent with the case that the stolen data shared for free and not sold. This creates maximum damage to the firm and ensures that the leak receives quick publicity. The motive behind attacks that follow this pattern is usually something having to do with retribution.
If you are a user of the ‘Dave.com’ platform and apps, you may want to reset your credentials now. Obviously, the leaking of full names, residential addresses, phone numbers, and DoB won’t be that simple to deal with, so staying vigilant against unsolicited communications even in the distant future will be pivotal in staying safe.