Fun

Fractal ID postmortem ties breach to 2022 password hack

News Feed - 2024-07-21 04:07:17

Amaka Nwaokocha1 hour agoFractal ID postmortem ties breach to 2022 password hackThis breach highlights the ongoing challenges in maintaining data security, especially in today’s centralized storage systems.505 Total views5 Total sharesListen to article 0:00NewsOwn this piece of crypto historyCollect this article as NFTJoin us on social networksBlockchain identity platform Fractal ID has published a postmortem outlining the data breach that the company suffered on July 14. The breach has since been traced back to a 2022 incident where an employee reused a compromised password.


According to Fractal ID, the compromised account belonged to an operator with the platform for three years and had admin rights. This allowed the attacker to bypass internal data privacy systems, though system monitoring helped lock out the attacker within 29 minutes.Root cause of the breach


The operator’s failure to follow operational security policies and training, along with the reuse of credentials from past hacks, facilitated the breach.


On July 14, 2024, the crypto identity verification provider detected unusual activity in one of its back offices. This activity was quickly identified as a malicious attack, leading to data exfiltration for approximately 0.5% of its user base.Source: Fractal ID


However, Fractal ID noted in the postmortem report that it disabled all accounts in the compromised system in response and limited access to senior employees. The company also prioritized enhancing its security measures to prevent future incidents, such as implementing request throttling, finer-grained authorization, tighter monitoring of failed authentication attempts, and stricter IP control.


Related:New ‘overlay attacks’ are a growing threat to crypto users — security CEO


In addition to internal efforts, Fractal ID contacted the pertinent data protection authorities and the cybercrime police division in Berlin. The company has also engaged with cybersecurity services to monitor for any potential distribution of stolen data on known data breach sites.Data breach impact


According to the report, the stolen data, which affected around 6,300 users, includes various levels of information, from proof-of-personhood checks to complete KYC checks. This data may include names, email addresses, phone numbers, wallet addresses, physical addresses, and images of uploaded documents. Fractal ID also contacted affected users directly to inform them of the breach.


Fractal ID co-founders Julian, Julio, Lluis, and Anna expressed regret over the incident and emphasized their commitment to protecting user data. They reiterated the company’s goal of moving toward a self-custody storage system to enhance data security.


This security lapse serves as a stark reminder of the difficulties in safeguarding data. Autix10, a crypto ID provider, revealed on June 27 that their online administrative login details were exposed. However, in this instance, the attacker seemingly did not gain access to any customer data.


Magazine:Crypto-Sec: Evolve Bank suffers data breach, Turbo Toad enthusiast loses $3.6K# Blockchain# Business# Security# Technology# Identity# Identification# HacksAdd reaction

News Feed

OKX adds Uniswap API on DEX, launches gas-free trading
Ezra Reguerra7 hours agoOKX adds Uniswap API on DEX, launches gas-free tradingOKX chief innovation officer Jason Lau said that the new feature eliminates common DeFi headaches like slippage, MEV attacks and failed transa
US Sanctions Bitriver, Targets Russia’s Crypto Mining Potential
US Sanctions Bitriver, Targets Russia’s Crypto Mining Potential In an attempt to deny Russia opportunities to evade sanctions through cryptocurrencies, the U.S. Department of the
Dogecoin About To Enter Phase Of Explosive Growth – Charts Reveal Massive Breakout
Este artículo también está disponible en español. Dogecoin is once again testing a critical resistance level at $0.43, showing signs of renewed bullish momentum. This lev
US and UK to Deepen Ties on Crypto Regulation, Says British Regulator
US and UK to Deepen Ties on Crypto Regulation, Says British Regulator Britain’s top financial regulator, the Financial Conduct Authority (FCA), says the U.S. and U.K. will d
Tron Hits Key Price Levels as Revenue and Adoption Soar: What’s Next?
Este artículo también está disponible en español. Despite broader bearish trends in the cryptocurrency market, Tron (TRX) has demonstrated resilience with notable growth
Central Bank of Nigeria Selects Barbados-Based Fintech Firm as Technical Partner for CBDC Project
Central Bank of Nigeria Selects Barbados-Based Fintech Firm as Technical Partner for CBDC Project The Central Bank of Nigeria (CBN) has named the fintech firm Bitt Inc. as a techni
Illegal Crypto Miners Threatened With Jail Time in Russia
Illegal Crypto Miners Threatened With Jail Time in Russia Cryptocurrency miners that are illegally connecting their equipment to the power grid should go to prison, says a Russian
Mastercard to Implement Payments for NFT and Web3 Projects
Mastercard to Implement Payments for NFT and Web3 Projects Payments giant Mastercard has announced it is working to bring direct payment support for a number of NFT and Web3 platfo
Cloudbet Launches Second Major Stablecoin With USDC
Cloudbet Launches Second Major Stablecoin With USDCCloudbet, the pioneering crypto sportsbook and casino, has added USD Coin to the portfolio of coins available to customers, markin
Ezra Reguerra10 hours agoLiquid staking claims top spot in DeFi: Binance reportA Binance spokesperson highlighted that there are things to be wary of when liquid staking, including smart contract vulnerabilities, slashin
3 prevendite crypto da considerare prima dell’insediamento di Trump
Este artículo también está disponible en español. Mancano solo pochi giorni all’insediamento del nuovo presidente degli Stati Uniti, Donald Trump, e l’attesa
MicroStrategy Makes Record $4.6 Billion Bitcoin Purchase, Largest Yet
Este artículo también está disponible en español. Business intelligence firm MicroStrategy has ramped up its Bitcoin (BTC) investment following President-elect Donald Tru