コインチェーン

Cryptocurrency and Web3 news, investment and education information

Fractal ID Data Breach Traced to 2022 Hack of Employee Who Reused Password

Jul 23, 2024 #Cryptocurrency

Fractal ID discloses that a data breach affecting 6,300 users traces back to a compromised password from a 2022 hack, highlighting the importance of robust security practices.

Points

  • Fractal ID’s data breach impacted around 6,300 users, traced to a 2022 password hack.
  • The compromised admin credentials allowed the attacker to exfiltrate user data.
  • Fractal ID has implemented stricter security measures and engaged with authorities.

Decentralized identity startup and Know-Your-Customer (KYC) verification provider Fractal ID has published a postmortem outlining the data breach that the company suffered on July 14. The company said the data breached “may include names, email addresses or phone numbers, wallet addresses, physical addresses, images, and pictures of any uploaded documents” of about 6,300 users, or 0.5% of the users in Fractal ID’s database.

The Berlin-based Fractal ID provides compliance assistance for at least eight crypto protocols including Polygon, Ripple, and Near, and counts over 250 companies among its clientele, according to its website.

The threat actor gained access to the system through a compromised employee’s account. Because the employee had administrator-level access to the system, the hacker was able to “sidestep” internal data privacy systems, the company states, before an automated system notified an engineer and allowed them to shut out the attacker 29 minutes after the attack began.

Root Cause of the Breach

The operator’s failure to follow operational security policies and training, along with the reuse of credentials from past hacks, facilitated the breach. On July 14, 2024, the crypto identity verification provider detected unusual activity in one of its back offices. This activity was quickly identified as a malicious attack, leading to data exfiltration for approximately 0.5% of its user base.

Fractal ID Breach

However, Fractal ID noted in the postmortem report that it disabled all accounts in the compromised system in response and limited access to senior employees. The company also prioritized enhancing its security measures to prevent future incidents, such as implementing request throttling, finer-grained authorization, tighter monitoring of failed authentication attempts, and stricter IP control.
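The measures listed above (throttling of failed logins, monitoring of failed authentication attempts, and IP restrictions on privileged accounts) can be expressed as simple detection rules over a back-office authentication log. The following is an added illustration, not Fractal ID's code; the log lines, the admin user name, the allowlisted network and the thresholds are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical policy values (assumptions, not Fractal ID's real settings).
ADMIN_USERS = {"ops-admin"}
ALLOWED_ADMIN_NETS = [ipaddress.ip_network("198.51.100.0/24")]
FAIL_THRESHOLD = 3            # failures per user inside WINDOW before throttling
WINDOW = timedelta(minutes=5)

# Constructed sample log: a burst of failures on an admin account followed by a
# success from an address outside the allowlist, then a normal analyst login.
SAMPLE_LOG = """\
2024-07-14T09:00:01Z user=ops-admin ip=203.0.113.7 result=fail
2024-07-14T09:00:03Z user=ops-admin ip=203.0.113.7 result=fail
2024-07-14T09:00:05Z user=ops-admin ip=203.0.113.7 result=fail
2024-07-14T09:00:09Z user=ops-admin ip=203.0.113.7 result=success
2024-07-14T09:05:00Z user=analyst ip=198.51.100.4 result=success
"""

def parse_line(line):
    """Parse 'timestamp key=value ...' into a dict with a datetime under 'ts'."""
    ts, *pairs = line.split()
    event = dict(p.split("=", 1) for p in pairs)
    event["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return event

def analyze(log_text):
    """Return a list of (rule, user, ip) alerts for the given log text."""
    alerts = []
    failures = defaultdict(list)   # user -> timestamps of failures inside WINDOW
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        user, ip, ts = ev["user"], ipaddress.ip_address(ev["ip"]), ev["ts"]
        if ev["result"] == "fail":
            # Keep only failures still inside the sliding window, then add this one.
            failures[user] = [t for t in failures[user] if ts - t <= WINDOW] + [ts]
            if len(failures[user]) >= FAIL_THRESHOLD:
                alerts.append(("throttle", user, str(ip)))
        elif user in ADMIN_USERS:
            # Privileged logins must come from the allowlisted network.
            if not any(ip in net for net in ALLOWED_ADMIN_NETS):
                alerts.append(("admin_ip_block", user, str(ip)))
            elif failures[user]:
                alerts.append(("success_after_failures", user, str(ip)))
    return alerts
```

Each alert names the rule that fired, so the throttle and IP-control rules can be wired to a block action while the success-after-failures rule feeds the monitoring described above.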

In addition to internal efforts, Fractal ID contacted the pertinent data protection authorities and the cybercrime police division in Berlin. The company has also engaged with cybersecurity services to monitor for any potential distribution of stolen data on known data breach sites.

Data Breach Impact

According to the report, the stolen data, which affected around 6,300 users, includes various levels of information, from proof-of-personhood checks to complete KYC checks. This data may include names, email addresses, phone numbers, wallet addresses, physical addresses, and images of uploaded documents. Fractal ID also contacted affected users directly to inform them of the breach.

Fractal ID co-founders Julian, Julio, Lluis, and Anna expressed regret over the incident and emphasized their commitment to protecting user data. They reiterated the company’s goal of moving toward a self-custody storage system to enhance data security.

This security lapse serves as a stark reminder of the difficulties in safeguarding data. Autix10, a crypto ID provider, revealed on June 27 that their online administrative login details were exposed. However, in this instance, the attacker seemingly did not gain access to any customer data.

Initial Hack Dates Back to 2022

The employee’s machine was originally compromised all the way back in September 2022, according to researchers at cybercrime intelligence firm Hudson Rock. The machine was infected by the Raccoon ‘infostealer,’ a commonly available Malware-as-a-Service first observed in April 2019.

“While the computer was infected back in 2022, it appears the victim did not change their password, enabling the hackers to infiltrate an account and initiate the hack,” the researchers wrote.

“The operator didn’t follow our opsec policies and training. We have put technical measures in place to ensure these cannot be sidestepped by any operators in the future. This was not the result of a software vulnerability,” Fractal ID noted in its postmortem.

The U.S. Justice Department indicted a 26-year-old Ukrainian national, Mark Sokolovsky, in 2022 for conspiring to operate Raccoon Infostealer, which was allegedly leased to would-be hackers for as little as $200 a month in cryptocurrency. The FBI was able to identify “more than 50 million unique credentials and forms of identification (email addresses, bank accounts, cryptocurrency addresses, credit card numbers, etc.) in the stolen data from what appears to be millions of potential victims around the world,” though the agency acknowledged that number is likely an undercount.

After failing to fake his death following the Russian invasion of Ukraine, Sokolovsky was extradited to the United States this past February. The U.S. government also set up a website where users can check if their credentials have been compromised.

© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Commentary

  • Security Policies: The breach underscores the importance of robust security policies and regular training. Ensuring employees follow security protocols can prevent similar incidents.
  • Data Exfiltration: The impact of data breaches can be significant, affecting thousands of users. Companies must be proactive in enhancing security measures and responding promptly to breaches.
  • Legal and Regulatory Actions: The involvement of law enforcement and regulatory bodies highlights the seriousness of data breaches. Companies must comply with legal requirements and work with authorities to address security incidents.