Leaked and For Sale – Dave.com and Couchsurfing.com in trouble.
Thousands of tourists every year travel globally with a lot of them actually residing for free. This happens thanks to a platform named Couchsurfing.com which allows travelers to connect with natives and stay with them for a predefined number of days. Although all of this attracts a good fanbase for the company, a recent incident has spoilt the mood.
Couchsurfing.com database sold on a hacker forum
A couple of days ago, it was discovered that Couchsurfing was hacked subsequent to which the data of its 17 million users was found being sold on a hacker forum and conventional messaging apps like Telegram for $700.
The data includes names, usernames, email addresses, locale, and other information about the user accounts such as their verification status and notification settings.
Here’s a screenshot from hacker forum where data is being sold:
Keeping this in mind, the company has already started working with a cybersecurity firm and law enforcement agencies in order to mitigate the effects of the breach.
A positive thing is that no passwords were leaked which means that the attacker or for the matter whoever purchases the database cannot use it to conduct credential stuffing attacks nor are the user accounts at risk. Yet, this is not all for the day.
Dave.com database leaked on a hacker forum
In another incident, it has been found that Dave.com, a banking app which markets itself as helping people “claim a better financial future” has also been hacked with its data being leaked on an underground forum. The data includes 751,6625 user accounts worth 4.3 GB with the following information fields contained within it:
- Full names & User IDs
- Email addresses
- Physical addresses
- Social Security Numbers(SSNs)
- Phone numbers
- Bank account IDs
- Images of licenses(it is unclear which type of license this is)
- Profile pictures
- Other details such as the subscription date, etc.
Hackread.com can confirm that the hacker behind Dave.com’s breach is ShinyHunters. The same hacker was behind:
Tokopedia breach in which 91 user accounts were leaked
Minted breach in which 5 million user accounts were leaked
Dunzo breach in which 11.2 GB worth of user data was leaked
Wattpad breach in which 271 million user accounts were leaked
Bhinneka breach in which 1.3 million user accounts were leaked
This will be much more dangerous as highly sensitive data has been leaked which could jeopardize the financial and cybersecurity of its users. However, an alarming thing is that till now, there has been no statement released by the company indicating if they’ve even taken notice, let alone any measures.
To conclude, we will continue updating you on the status of both of these hacks and further developments as they occur. Since the Couchsurfing data is available for sale, they have better chances to mitigate the effects as opposed to Dave who has to deal with user information already out in the open for every malicious actor to see.
Hackread.com will be launching its data breach search engine and notification service which will also be used to send alerts to victims in case their data is part of any breach. Meanwhile, users of both of these services meanwhile are advised to change their account credentials both on the respective platforms and anywhere else where they are re-using them.