Dave.com, an online bank overdraft protection and short-term loan provider, suffered a data breach in which the data of 7,516,625 users was stolen and posted online.
Dave.com confirmed in a blog post on Saturday (July 25) that it was targeted by hackers and that user data was uploaded to an Internet forum.
Dave.com told ZDNet that the hackers first broke into the systems of Waydev, an engineering analysis software and code tracking platform with which Dave.com had previously collaborated. A Dave.com spokesperson stated: "As a result of the breach at Waydev, one of Dave.com's former third-party service providers, a malicious individual recently gained unauthorized access to certain user data on Dave.com."
The statement published on ZDNet is identical to the one in Dave.com's blog post about the incident.
Waydev's breach also resulted in data being stolen from other companies, including software testing service Flood.io, ZDNet reported Monday (July 27).
The stolen Dave.com personal information was offered for free on hacker forums beginning July 24 by a notorious individual or group called ShinyHunters.
However, Bleeping Computer reported that Dave.com data was first offered for sale on another hacker forum earlier this month, and the seller does not appear to be ShinyHunters. Breach tracking firm Cyble told Bleeping Computer that the data was eventually sold for $16,000.
Dave.com users had their names, e-mail addresses, dates of birth, phone numbers, and home addresses compromised.
Hackers were also able to obtain Social Security numbers and passwords, but ZDNet reports that the former were encrypted and the latter were hashed with the very strong hashing algorithm bcrypt.
Since learning of the breach, Dave has been alerting customers, forcing them to change their passwords, and working with law enforcement officials to get to the bottom of the incident.
A spokesperson added, "As soon as Dave learned of the incident, the company immediately began an investigation, which is ongoing."
There are several steps that Dave.com users can take to protect themselves. First, if you have a Dave.com account and have used the same username and password for other accounts, you should immediately change the passwords for those other accounts.
Dave.com states that passwords are hashed using bcrypt and have never been successfully cracked, but password crackers may still be able to recover weak or common passwords.
All new passwords should be strong and unique. The best way to do this is to use one of the best password managers.
Second, we do not know how strongly encrypted the Social Security numbers compromised in this data breach are. However, since the breach also included full names, dates of birth, and home addresses, it is safe to assume that SSNs may have been compromised as well.
Since these four pieces of data are all that is needed to steal your identity, you may want to consider signing up for one of the best identity theft protection services. I'll wait a few days to see if Dave.com and/or Waydev offer to pick up the tab for everyone affected. If not, it's up to me to protect my identity and my credibility.
Jake Moore, a security specialist at ESET, told Tom's Guide: "But it is a worthwhile reminder to give only absolutely necessary personal information to companies that request it to minimize risk."
We also recommend that you read the dedicated step-by-step guide on what to do after a data breach in Tom's Guide.