Fractal ID Data Breach Caused by Vulnerability Leading Back to 2022

Source Livebitcoinnews

Fractal ID, an on-chain identity platform, suffered a hack on July 14th, 2024, exposing the sensitive data of 0.5% of its users, or 6,300 accounts, to the attacker. Analysis of the incident revealed that the breach traced back to an operator with admin controls setting an insecure password in 2022. The password was reused, in breach of operational security best practices, which allowed the hacker to take sensitive user data, including wallet addresses, KYC details, and personal residential addresses.

On-chain sleuth ZachXBT revealed the details leading to the hack in a recent X post: “The threat actor shared details about the Fractal ID employee who allegedly had his account compromised who did not have 2FA and reused passwords allowing them to easily gain access to his account and exfiltrate data.”

Fractal ID’s team and systems recognized the attack as it occurred and stopped it in around 29 minutes, preventing the hacker from accessing more user data. It detailed the breach in a report, “On Sunday, July 14th, 2024 at 07:00 UTC, our systems monitoring alerted one of our engineers who was on call. This alert pointed to unusual activity on one of Fractal ID’s backoffices: one specific endpoint, not regularly used in the course of normal operations, was being queried.”

It continued, “This initially appeared to be a regression on the backoffice’s frontend code, but it soon became clear it was instead evidence of an attack, and at 07:29 UTC they shut down this backoffice to thwart it.” Soon after locking the attacker out, Fractal ID disabled every employee account, then restored access to accounts belonging to senior employees.
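The alert described in the report fired on queries to an endpoint not normally used. One way to express that detection is sketched below as an added example; it is not Fractal ID's code, and the log format, paths, account names and thresholds are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (not real logs): "<ISO time> <account> <method> <path>"
BASELINE_LOG = [
    "2024-01-08T09:00:00 alice GET /backoffice/users",
    "2024-01-08T09:05:00 bob GET /backoffice/users",
    "2024-01-08T10:00:00 alice GET /backoffice/verifications",
    "2024-01-09T11:00:00 bob GET /backoffice/verifications",
    "2024-01-09T12:00:00 alice GET /backoffice/users/export",
]
LIVE_LOG = [
    "2024-01-14T07:00:00 alice GET /backoffice/users",
    "2024-01-14T07:00:05 carol GET /backoffice/users/export",
    "2024-01-14T07:00:10 carol GET /backoffice/users/export",
    "2024-01-14T07:00:15 carol GET /backoffice/users/export",
    "2024-01-14T07:00:20 carol GET /backoffice/users/export",
]

def parse(line):
    ts, account, _method, path = line.split()
    return datetime.fromisoformat(ts), account, path

def baseline_counts(lines):
    """How often each endpoint was hit during normal operations."""
    return Counter(parse(line)[2] for line in lines)

def detect_rare_endpoint_bursts(baseline, lines, rare_max=1, burst=3,
                                window=timedelta(minutes=5)):
    """Alert once per (account, path) when an endpoint seen at most
    rare_max times in the baseline is hit `burst` times within `window`."""
    recent = defaultdict(deque)
    alerted, alerts = set(), []
    for ts, account, path in sorted(map(parse, lines)):
        if baseline[path] > rare_max:
            continue  # routinely used endpoint, ignored by this rule
        q = recent[(account, path)]
        q.append(ts)
        while ts - q[0] > window:  # drop hits that fell out of the window
            q.popleft()
        if len(q) >= burst and (account, path) not in alerted:
            alerted.add((account, path))
            alerts.append({"account": account, "path": path,
                           "hits": len(q), "first_seen": q[0].isoformat()})
    return alerts

if __name__ == "__main__":
    for alert in detect_rare_endpoint_bursts(baseline_counts(BASELINE_LOG), LIVE_LOG):
        print("ALERT", alert)
```

Endpoints absent from the baseline count as zero hits, so a never-before-seen path is treated as rare as well.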

Going forward, the on-chain identity platform has taken measures to ensure that vulnerabilities of this kind do not recur: technical measures will prevent employees from sidestepping operational security. Moreover, Fractal ID has contacted authorities to take action against the criminal, improved its security infrastructure and practices, and contacted an external cybersecurity firm.

Finally, it looks to switch to self-custody of its user base’s data rather than relying on a centralized server, which was the root cause of this attack.

 

The post Fractal ID Data Breach Caused by Vulnerability Leading Back to 2022 appeared first on Live Bitcoin News.
