Security News > 2020 > July > Digital Banking Service Dave Says Data Stolen in Third-Party Breach
Digital banking service Dave announced over the weekend that user data was compromised in a third-party security incident.
The newly disclosed data breach, Dave says, was the result of a security incident at Git analytics tool Waydev, a former service provider for Dave.
"The stolen information also included some personal user information including names, emails, birth dates, physical addresses and phone numbers. Importantly, this did not affect bank account numbers, credit card numbers, records of financial transactions, or unencrypted Social Security numbers," Dave said in a breach notification.
Dave notes that it stores passwords in hashed form, using the bcrypt hashing algorithm, and that it is already investigating claims by a malicious party that they managed to crack some of these passwords.
"Dave's security team quickly secured its systems and has been working around the clock to keep customers' accounts safe. Dave is in the process of notifying all customers of this incident along with performing a mandatory reset of all Dave customer passwords," the company says.