Which companies rely on Fractal ID for their services?

Fractal ID is utilized by various Web3 applications and services, including Gnosis Pay, Acala, Polygon ID, and Lukso, for Know Your Customer (KYC) and Anti-Money Laundering (AML) compliance.

When and how did the Fractal ID data breach occur?

On July 14, 2024, at approximately 05:14 AM UTC, a third party gained unauthorized access to an operator's account within Fractal ID and executed an API script to retrieve user data. The breach was identified and contained by 07:29 AM UTC, limiting the attack duration to 2 hours and 14 minutes.

What type of data was exposed in the Fractal ID breach?

The specific data exposed includes names, email addresses, wallet addresses, phone numbers, physical addresses, and images and pictures of uploaded documents.

What percentage of Fractal ID’s user base was affected by the breach?

Approximately 0.5% of Fractal ID’s user base was affected by the breach.

What measures were taken by Fractal ID upon detecting the breach?

Upon detecting the breach, the Fractal ID team terminated the attacker’s access and logged them off the system. The breach was confined to Fractal's environment, and no partner systems or products were compromised.

What other identity management platforms have experienced similar incidents recently?

Similar incidents include a leak of administration credentials by crypto ID provider Au10tix on June 27, 2024, and a breach of the two-factor authentication app Authy on July 3, 2024, resulting in the exposure of user phone numbers.

Incident

Fractal ID identity platform reports data breach

published: July 17, 2024

Learn More

On July 14, 2024, Blockchain identity platform Fractal ID experienced a significant data breach, impacting a fraction of its user base.

This breach was publicly disclosed on July 17 2024, has raised concerns due to the sensitive nature of the data involved and the high-profile partnerships of Fractal ID.

Fractal ID, based in Berlin, Germany is an identity verification platform utilized by various Web3 applications and services. Among its partners are Gnosis Pay, Acala, Polygon ID, and Lukso, all of which rely on Fractal's services for Know Your Customer (KYC) and Anti-Money Laundering (AML) compliance.

On the morning of July 14, at approximately 05:14 AM UTC, a third party gained unauthorized access to an operator's account within Fractal ID. Utilizing this access, the attacker executed an API script to retrieve user data. The breach was identified and contained by 07:29 AM UTC, limiting the attack duration to 2 hours and 14 minutes.

The breach affected approximately 0.5% of Fractal ID’s user base. The specific data exposed includes:

Names
Email addresses
Wallet addresses
Phone numbers
Physical addresses
Images and pictures of uploaded documents

The number of affected individuals is not disclosed.

Update - as of 20th of July 2024, Fractal ID reports that the data breach on July 14 is affecting approximately 6,300 users, which is about 0.5% of its user base. The hacker gained access to the system through a compromised employee’s account, which was originally infected by the Raccoon 'infostealer' malware in September 2022. The compromised machine did not have its password changed, allowing the attacker to exploit the account and initiate the hack.

Upon detecting the breach, the Fractal ID team terminated the attacker’s access, logging them off the system. Per the statement, the breach was confined to Fractal's environment, and no partner systems or products were compromised.

Some users reported receiving notifications from Gnosis Pay, a partner of Fractal ID, warning them of the breach and advising caution regarding unsolicited communications.

Affected users are urged to remain vigilant for potential phishing attempts or other fraudulent activities.

Similar incidents have impacted identity management platforms

Fractal ID identity platform reports data breach

Read More
Taiwan's Systex Corporation reports ransomware attack
Au10tix leaks Administrative Credentials
Hacker claims data breach of Capgemini
Hacker claims to have breached Twilio's SendGrid, selling …
WorkComposer employee monitoring app leaks 21 million screenshots