Fractal ID Reports Data Breach Impacting 0.5% of User Base

As a seasoned cybersecurity researcher with extensive experience in blockchain technology and identity platforms, I’m deeply troubled by Fractal ID’s recent data breach announcement on July 17, 2024. Having closely followed the developments in the cryptocurrency and blockchain industries, I can’t help but feel a sense of dismay that yet another platform has fallen victim to a malicious external party.


As a researcher investigating the latest developments in the blockchain identity sector, I came across an announcement from Fractal ID regarding a data breach that occurred on July 14. This information was made public through a notice posted on their website on July 17.

As a security analyst investigating this incident, I discovered that an unauthorized third party managed to infiltrate an operator’s account during the timeframe between 05:14 and 07:29 UTC. Using an API script, they gained access to the personal data of around 0.5% of Fractal ID’s user base.

On July 14, 2024, a malicious outside intruder successfully breached Fractal ID’s security system and infiltrated an operator’s account. Our team promptly responded, but unfortunately, approximately 0.5% of our user base was impacted by this incident.

— FRACTAL ID (@Fractal_ID) July 17, 2024

Partners of Fractal, including Gnosis Pay, Acala, Polygon ID, Lukso, and other Web3 applications, might have been implicated in a recent security incident. While Fractal hasn’t disclosed which partners were specifically involved, users of Gnosis Pay reportedly received notifications about the attack and advised caution against interacting with messages from unverified sources.

Based on the formal communication, it’s revealed that potentially sensitive information such as names, email addresses, cryptocurrency wallet addresses, phone numbers, physical addresses, and scanned documents might have been accessed during a security incident. However, the intrusion was successfully stopped within Fractal’s own network, leaving their clients’ systems and offerings unaffected.

Due to the data breach, affected users are advised not to share additional personal details with suspicious entities. Fractal ID and its collaborators continue investigating the issue and have enhanced security measures.

At this point in time, the crypto and blockchain sectors are grappling with heightened worries regarding user data privacy. The collection of personal information for KYC (Know Your Customer) procedures is a significant contributor to these concerns.

Companies continue to face challenges in ensuring the security of personal data, as demonstrated by recent incidents.

Read More

Sorry. No data so far.

2024-07-18 08:36