Fun

Fractal ID postmortem ties breach to 2022 password hack

News Feed - 2024-07-21 04:07:17

Amaka Nwaokocha1 hour agoFractal ID postmortem ties breach to 2022 password hackThis breach highlights the ongoing challenges in maintaining data security, especially in today’s centralized storage systems.505 Total views5 Total sharesListen to article 0:00NewsOwn this piece of crypto historyCollect this article as NFTJoin us on social networksBlockchain identity platform Fractal ID has published a postmortem outlining the data breach that the company suffered on July 14. The breach has since been traced back to a 2022 incident where an employee reused a compromised password.


According to Fractal ID, the compromised account belonged to an operator with the platform for three years and had admin rights. This allowed the attacker to bypass internal data privacy systems, though system monitoring helped lock out the attacker within 29 minutes.Root cause of the breach


The operator’s failure to follow operational security policies and training, along with the reuse of credentials from past hacks, facilitated the breach.


On July 14, 2024, the crypto identity verification provider detected unusual activity in one of its back offices. This activity was quickly identified as a malicious attack, leading to data exfiltration for approximately 0.5% of its user base.Source: Fractal ID


However, Fractal ID noted in the postmortem report that it disabled all accounts in the compromised system in response and limited access to senior employees. The company also prioritized enhancing its security measures to prevent future incidents, such as implementing request throttling, finer-grained authorization, tighter monitoring of failed authentication attempts, and stricter IP control.


Related:New ‘overlay attacks’ are a growing threat to crypto users — security CEO


In addition to internal efforts, Fractal ID contacted the pertinent data protection authorities and the cybercrime police division in Berlin. The company has also engaged with cybersecurity services to monitor for any potential distribution of stolen data on known data breach sites.Data breach impact


According to the report, the stolen data, which affected around 6,300 users, includes various levels of information, from proof-of-personhood checks to complete KYC checks. This data may include names, email addresses, phone numbers, wallet addresses, physical addresses, and images of uploaded documents. Fractal ID also contacted affected users directly to inform them of the breach.


Fractal ID co-founders Julian, Julio, Lluis, and Anna expressed regret over the incident and emphasized their commitment to protecting user data. They reiterated the company’s goal of moving toward a self-custody storage system to enhance data security.


This security lapse serves as a stark reminder of the difficulties in safeguarding data. Autix10, a crypto ID provider, revealed on June 27 that their online administrative login details were exposed. However, in this instance, the attacker seemingly did not gain access to any customer data.


Magazine:Crypto-Sec: Evolve Bank suffers data breach, Turbo Toad enthusiast loses $3.6K# Blockchain# Business# Security# Technology# Identity# Identification# HacksAdd reaction

News Feed

BlackRock’s Bitcoin ETF sets daily volume record as BTC recoups slump
Jesse Coghlan7 hours agoBlackRock’s Bitcoin ETF sets daily volume record as BTC recoups slumpNearly 100 million shares of BlackRock’s Bitcoin funds were traded on Thursday, setting a new daily volume record.8735 Tota
XRP Price In Motion: Analyst Reveals The Next Major Supports And Resistances
Este artículo también está disponible en español. With the XRP price set to make its next move, crypto analyst Dark Defenderhas revealed the next major support and resist
Is Defi Coming to Bitcoin Cash? An Overview of Detoken and the Anyhedge Protocol
Is Defi Coming to Bitcoin Cash? An Overview of Detoken and the Anyhedge Protocol Maybe you’ve heard of Anyhedge. Last April, news.Bitcoin.com published an
CEO: Coinbase Has Earned $2 Billion in Transaction Fees Since 2012
Coinbase has earned more than $2 billion in transaction fee revenue since launching in 2012, according to CEO Brian Armstrong. Speaking onstage at a Vanity Fair event, Armstrong sai
Anthony Clarke9 hours agoHow the actor model could enable better blockchain gaming appsCan developments in computing help fix blockchain gaming’s quality problem?325 Total views41 Total sharesListen to article 0:00Anal
Brayden Lindrea5 hours agoCrypto firms beware: Lazarus’ new malware can now bypass detectionThe malware payload “LightlessCan” — used in fake job scams — is far more challenging to detect than its predecessor,
Ezra Reguerra10 hours agoMetaverse project The Sandbox unlocks $133M worth of tokensThe next batch of token unlocks for The Sandbox is on Feb. 14, 2024, and will unfreeze over 200 million SAND for its team, company reser
Spanish Tax Agency Puts Crypto in Its Sights for the Upcoming Tax Season
Spanish Tax Agency Puts Crypto in Its Sights for the Upcoming Tax Season The Spanish tax agency has included crypto as part of its new guidelines for this year’s upcoming tax
Once unprofitable BTC miners are turning their machines back on — Analyst
Brayden Lindrea6 hours agoOnce unprofitable BTC miners are turning their machines back on — AnalystThese once-unprofitable Bitcoin miners may have contributed to Bitcoin’s 14.7% increase in hash rate since the start
Block Sizes Exceeding 3 MB Now Common on Bitcoin Blockchain as Ordinal Inscription Demand Rises
Block Sizes Exceeding 3 MB Now Common on Bitcoin Blockchain as Ordinal Inscription Demand Rises Since Luxor, a bitcoin mining pool, mined a record-setting 3.96 MB block (#774,628)
OpenAI co-founder leaves for AI rival Anthropic
Tom Mitchelhill4 hours agoOpenAI co-founder leaves for AI rival AnthropicOpenAI co-founder John Schulman says he"s leaving OpenAI to focus more intently on AI alignment and "hands-on technical work" at rival fi
StarkWare launches open-source ZK prover at ETH Denver
Zoltan Vardai25 minutes agoStarkWare launches open-source ZK prover at ETH DenverThe new open source ZK prover aims to reduce latency and reduce transaction costs for end users.77 Total viewsListen to article 0:00Announc