{
	"id": "4a1fb2ed-8224-4812-9c6f-d49e2a78e012",
	"created_at": "2026-04-06T00:09:37.12293Z",
	"updated_at": "2026-04-10T13:11:47.015907Z",
	"deleted_at": null,
	"sha1_hash": "1ea197b056b15eeecfee129d3076c6a5e60ce20d",
	"title": "Tech unicorn Dave admits to security breach impacting 7.5 million users",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 676696,
	"plain_text": "Tech unicorn Dave admits to security breach impacting 7.5 million\r\nusers\r\nBy Catalin Cimpanu\r\nPublished: 2020-07-26 · Archived: 2026-04-05 23:19:07 UTC\r\nImage source: Dave.com homepage\r\nDigital banking app and tech unicorn Dave.com confirmed today a security breach after a hacker published the\r\ndetails of 7,516,625 users on a public forum.\r\nIn an email to ZDNet today, Dave said the security breach originated on the network of a former business partner,\r\nWaydev, an analytics platform used by engineering teams.\r\n\"As the result of a breach at Waydev, one of Dave's former third party service providers, a malicious party recently\r\ngained unauthorized access to certain user data at Dave,\" a spokesperson told ZDNet.\r\nThe company said it has already plugged the hacker's point of entry and is in the process of notifying customers of\r\nthe incident. Dave app passwords are also being reset after being exposed.\r\n\"As soon as Dave became aware of this incident, the company immediately initiated an investigation, which is\r\nongoing, and is coordinating with law enforcement, including with the FBI around claims by a malicious party\r\nthat it has 'cracked' some of these passwords and is attempting to sell Dave customer data,\" Dave said.\r\nThe company also brought in cyber-security firm CrowdStrike to assist the investigation.\r\nDave user data published on hacker forum\r\nZDNet learned of the security breach on early Saturday morning, on July 25. A reader tipped ZDNet that a hacker\r\nwas offering the Dave app's user data on RAID, a hacking forum that has built a reputation for being the go-to\r\nhttps://www.zdnet.com/article/tech-unicorn-dave-admits-to-security-breach-impacting-7-5-million-users/\r\nPage 1 of 2\n\nplace for hackers to leak databases.\r\ndavecom-forum.png\r\nImage: ZDNet\r\nThe hacker has a reputation as well. Going by the name of ShinyHunters, this is the same person/group who also\r\nbreached and leaked/sold data from many other companies, including Mathway, Tokopedia, Wishbone, and many\r\nmore.\r\nThe Dave data is currently offered as a free download -- after forum members unlock access to the download link\r\nusing forum credits.\r\nThe data includes a wealth of information, such as real names, phone numbers, emails, birth dates, and home\r\naddresses.\r\nThe data also includes Social Security numbers, but Dave said these details were encrypted -- which ZDNet\r\nconfirmed after obtaining a copy of the data.\r\ndavecom-sample.png\r\nImage: ZDNet\r\nPasswords were also included but were hashed using bcrypt, a hashing function that prevents hackers from\r\nviewing the passwords in cleartext.\r\nDave said that currently, they had no evidence to suggest that hackers used the data to gain access to user accounts\r\nand execute any unauthorized actions.\r\nEditorial standards\r\nSource: https://www.zdnet.com/article/tech-unicorn-dave-admits-to-security-breach-impacting-7-5-million-users/\r\nhttps://www.zdnet.com/article/tech-unicorn-dave-admits-to-security-breach-impacting-7-5-million-users/\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.zdnet.com/article/tech-unicorn-dave-admits-to-security-breach-impacting-7-5-million-users/"
	],
	"report_names": [
		"tech-unicorn-dave-admits-to-security-breach-impacting-7-5-million-users"
	],
	"threat_actors": [
		{
			"id": "c071c8cd-f854-4bad-b28f-0c59346ec348",
			"created_at": "2023-11-08T02:00:07.132524Z",
			"updated_at": "2026-04-10T02:00:03.422366Z",
			"deleted_at": null,
			"main_name": "ShinyHunters",
			"aliases": [],
			"source_name": "MISPGALAXY:ShinyHunters",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "6f7f2ed5-f30d-4a99-ab2d-f596c1d413b2",
			"created_at": "2025-10-24T02:04:50.086223Z",
			"updated_at": "2026-04-10T02:00:03.770068Z",
			"deleted_at": null,
			"main_name": "GOLD CRYSTAL",
			"aliases": [
				"Scattered LAPSUS$ Hunters",
				"ShinyCorp",
				"ShinyHunters"
			],
			"source_name": "Secureworks:GOLD CRYSTAL",
			"tools": [],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "d8dff631-87b0-4320-8352-becff28dbcf1",
			"created_at": "2022-10-25T16:07:24.565038Z",
			"updated_at": "2026-04-10T02:00:05.034516Z",
			"deleted_at": null,
			"main_name": "ShinyHunters",
			"aliases": [],
			"source_name": "ETDA:ShinyHunters",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434177,
	"ts_updated_at": 1775826707,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/1ea197b056b15eeecfee129d3076c6a5e60ce20d.pdf",
		"text": "https://archive.orkl.eu/1ea197b056b15eeecfee129d3076c6a5e60ce20d.txt",
		"img": "https://archive.orkl.eu/1ea197b056b15eeecfee129d3076c6a5e60ce20d.jpg"
	}
}