Fractal ID investigation links breach to 2022 password hack


The incident highlights the ongoing difficulty of preserving data security, particularly in the centralized storage systems that are prevalent today.

Fractal ID, a blockchain identification platform, has released a postmortem document that provides an overview of the data breach that occurred at the firm on July 14. The breach has since been traced to an event in 2022, in which an employee misused a password that had been hacked.

Fractal ID says that the hacked account belonged to an operator who had been using the platform for three years and had administrative privileges. This allowed the attacker to circumvent the internal data privacy safeguards; nonetheless, system monitoring locked out the attacker within 29 minutes.

A combination of factors, including the operator’s inability to adhere to operational security standards and training, as well as the reuse of credentials from previous attacks, contributed to the breach.

On July 14, 2024, the crypto identity verification service discovered that one of its back offices was carrying out activities that were not typical. It was rapidly determined that this activity was a hostile attack, which resulted in the loss of data for around 0.5 percent of its user base.

Fractal ID said in the postmortem report that, in response, it deactivated all accounts in the compromised system and restricted access to top workers. The organization also made it a priority to improve its security procedures in order to avoid repeat occurrences. These steps included the implementation of request throttling, finer-grained authorization, tighter monitoring of failed authentication attempts, and greater control over protected intellectual property.

In addition to carrying out measures inside the company, Fractal ID reached out to the relevant data protection authorities as well as the cybercrime police division in Berlin. The corporation has also contracted with cybersecurity services in order to keep an eye out for any possible spread of stolen data on websites that are already known to have had data breaches.

According to the report, the stolen data, which impacted around 6,300 customers, contains three different levels of information: proof-of-personhood checks, comprehensive know-your-customer checks, and other levels of information. This information may include names, email addresses, phone numbers, wallet addresses, physical locations, and photos of documents that have been uploaded. Additionally, Fractal ID reached out to impacted individuals personally in order to alert them of the security vulnerability.
