Analysing the Fallout: Fractal ID's Data Breach Linked to 2022 Password Hack
Jul 21, 2024
Fractal ID recently conducted a postmortem analysis of a data breach that occurred on July 14, 2024, which has been linked to a 2022 incident involving the reuse of a compromised employee password. The breach affected about 0.5% of Fractal ID's user base, or approximately 6,300 users. It was triggered by unauthorised access to an operator's account, which had admin rights, enabling the attacker to bypass internal data privacy systems. The breach resulted in the exfiltration of various user information including names, email addresses, wallet addresses, phone numbers, physical addresses, and images of uploaded documents.In response to the breach, Fractal ID took immediate steps to secure its systems, including disabling compromised accounts, implementing request throttling, and enhancing monitoring and authorization controls. The company also reported the breach to the relevant data protection authorities and engaged cybersecurity services to monitor for potential data distribution.
Previous
Next