
Fractal ID Data Breach Caused by Vulnerability Leading Back to 2022


Fractal ID, an on-chain identity platform, suffered a hack on July 14th, 2024, that exposed the sensitive data of 0.5% of its users, or 6,300 accounts, to the attacker. Analysis of the incident revealed that the breach traced back to an operator with admin privileges setting an insecure password in 2022. The password was a reused one, contrary to operational security best practices, which allowed the hacker to obtain sensitive user data, including wallet addresses, KYC details, and personal residential addresses.

On-chain sleuth ZachXBT revealed the details leading to the hack in a recent X post: “The threat actor shared details about the Fractal ID employee who allegedly had his account compromised who did not have 2FA and reused passwords allowing them to easily gain access to his account and exfiltrate data.”

Fractal ID’s team and systems recognized the attack as it occurred and stopped it in around 29 minutes, preventing the hacker from accessing more user data. The company detailed the breach in a report: “On Sunday, July 14th, 2024 at 07:00 UTC, our systems monitoring alerted one of our engineers who was on call. This alert pointed to unusual activity on one of Fractal ID’s backoffices: one specific endpoint, not regularly used in the course of normal operations, was being queried.”

It continued, “This initially appeared to be a regression on the backoffice’s frontend code, but it soon became clear it was instead evidence of an attack, and at 07:29 UTC they shut down this backoffice to thwart it.” Soon after locking the attacker out, Fractal ID disabled every employee account and then restored access to accounts belonging to senior employees.
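The alert in the report fired on an endpoint that is rarely used in normal operations. One way to build that kind of check is sketched below as an added example; it is not Fractal ID's monitoring code, and the endpoint paths, account names, thresholds and log records are all constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed baseline of (ISO timestamp, account, endpoint) records. Hypothetical names.
BASELINE = ([("2024-01-01T10:00:00", "ops1", "/backoffice/cases")] * 400
            + [("2024-01-01T11:00:00", "ops2", "/backoffice/search")] * 99
            + [("2024-01-01T12:00:00", "ops1", "/backoffice/users/export")])

def constructed_live():
    """Constructed live traffic: one account hammering a rarely used endpoint."""
    start = datetime(2024, 1, 2, 7, 0, 0)
    events = [((start + timedelta(seconds=3 * i)).isoformat(), "ops3",
               "/backoffice/users/export") for i in range(40)]
    events += [((start + timedelta(seconds=30 * i)).isoformat(), "ops1",
                "/backoffice/cases") for i in range(10)]
    # A single rare hit from another account stays below the burst threshold.
    events.append((start.isoformat(), "ops2", "/backoffice/users/export"))
    return events

def rare_endpoint_alerts(baseline, live, rare_share=0.01, burst=20,
                         window=timedelta(minutes=5)):
    """Alert once per (endpoint, account) when an endpoint that is rare in the
    baseline receives `burst` or more requests within `window`."""
    base = Counter(ep for _, _, ep in baseline)
    total = sum(base.values()) or 1           # avoid division by zero
    recent, alerted, alerts = {}, set(), []
    for ts, account, ep in sorted(live):      # ISO timestamps sort chronologically
        if base[ep] / total >= rare_share:    # endpoint is part of normal operations
            continue
        now = datetime.fromisoformat(ts)
        key = (ep, account)
        # Keep only hits still inside the sliding window, then add this one.
        hits = [h for h in recent.get(key, []) if now - h <= window] + [now]
        recent[key] = hits
        if len(hits) >= burst and key not in alerted:
            alerted.add(key)
            alerts.append((ep, account, hits[0].isoformat(), len(hits)))
    return alerts

if __name__ == "__main__":
    for alert in rare_endpoint_alerts(BASELINE, constructed_live()):
        print("ALERT rare endpoint burst:", alert)
```

Endpoints never seen in the baseline have a share of zero and are treated as rare, so a newly exposed or forgotten route is covered by the same rule.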

Going forward, the on-chain identity platform has taken measures to ensure that vulnerabilities of this kind do not recur, with technical controls that prevent employees from sidestepping operational security. Moreover, Fractal ID has contacted authorities to take action against the criminal, improved its security infrastructure and practices, and contacted an external cybersecurity firm.

Finally, it is looking to switch to self-custody of its users’ data rather than relying on a centralized server, which was the root cause of this attack.

 
