Web3 KYC vendor Fractal ID loses over 50k users’ passport info in data breach


2024-7-18 12:01

Fractal ID, a digital identity verification service provider, disclosed a data breach affecting approximately 0.5% of its user base—according to the company’s website and X profile, this could be over 50,000 users.

The compromised API exposes sensitive user information such as names, email addresses, wallet addresses, phone numbers, physical addresses, and images of uploaded KYC documents.

Fractal is used by web3 projects, including Polygon ID, Ripple, XRP Ledger, Avalanche, Gnosis, Near, Aurora, Acala, Polymath, BNB Chain, Lukso, Aleph Zero, and Arbitrum Foundation.

The company reported that the incident occurred on July 14, 2024, when an unauthorized third party accessed an operator’s account and executed an API script to extract users’ personal information. The breach began at 05:14 A.M. UTC and lasted just over two hours.

The company stated it has taken immediate action to mitigate the breach’s impact and implemented additional security measures. Fractal ID also reported the incident to relevant data protection authorities and the cybercrime police division.

In response to the breach, Fractal ID emphasized that the incident was contained within their environment and did not affect their clients’ systems or products utilizing their services. However, the company advised affected users to be cautious of unsolicited communications requesting personal information, as breached data could be shared with third parties or used for commercial purposes.

Fractal ID’s approach to addressing the breach involved first contacting affected users, followed by impacted clients, before making a public announcement.

The incident has drawn criticism from some members of the crypto community. Blockchain investigator ZachXBT questioned the company’s ability to secure user data and suggested that teams using Fractal ID’s product should consider alternatives.

Potential impact of the breach

The company’s website claims its product removes the “risks of centralized platforms,” which raises questions about the nature of Fractal’s decentralization. Fractal states its mission is rooted in “true ownership of data”:

“We believe that Decentralized Identity is the key to revolutionizing how individuals engage with the web, enabling true ownership of data and the power to selectively share it.”

Fractal ID website

However, a review of the company’s developer documentation appears to show that all user information is accessible via a single API call. Once a user authorizes an application to access their data, it does not seem that this permission is required again for subsequent data requests.

Thus, it’s hard to see how the user has sovereignty and ownership of the data. A centralized endpoint was accessible to an attacker, leading to the loss of the most sensitive user data without any messages signed by users’ private keys.
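For contrast with the standing authorization described above, the following added example (not Fractal ID’s code or API, and not from the original article) sketches a release gate in which every read needs a fresh grant signed by the user’s own key and limited to named fields. The function names, the grant layout and the sample record are assumptions made for illustration; signing uses Ed25519 from Node’s built-in crypto module.

```javascript
// Added example: hypothetical per-request consent gate, not Fractal ID's API.
const crypto = require('node:crypto');

const seenNonces = new Set(); // grants already used (replay protection)

// Canonical bytes the user signs; field order is fixed so both sides agree.
function grantBytes(g) {
  return Buffer.from(JSON.stringify(
    [g.userId, g.requester, [...g.fields].sort(), g.expires, g.nonce]));
}

// Runs on the user's device: sign a narrow, short-lived grant.
function signGrant(privateKey, grant) {
  const sig = crypto.sign(null, grantBytes(grant), privateKey);
  return { ...grant, sig: sig.toString('base64') };
}

// Runs on the server before any record is read. An operator credential alone
// never passes this check; only a fresh grant signed by the data owner does.
function releaseFields(record, userPublicKey, requester, signed, now) {
  if (signed.userId !== record.userId) return { ok: false, reason: 'wrong-user' };
  if (signed.requester !== requester) return { ok: false, reason: 'wrong-requester' };
  if (now >= signed.expires) return { ok: false, reason: 'expired' };
  if (seenNonces.has(signed.nonce)) return { ok: false, reason: 'replayed' };
  const valid = crypto.verify(null, grantBytes(signed), userPublicKey,
    Buffer.from(signed.sig || '', 'base64'));
  if (!valid) return { ok: false, reason: 'bad-signature' };
  seenNonces.add(signed.nonce);
  const data = {}; // selective sharing: only the fields the user named
  for (const f of signed.fields) if (f in record) data[f] = record[f];
  return { ok: true, data };
}

// Constructed sample data (not real user information).
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
const record = { userId: 'u-1', name: 'Alice Example',
  email: 'alice@example.test', passportScan: '<blob>' };

function demo() {
  const grant = signGrant(privateKey, { userId: 'u-1', requester: 'app-42',
    fields: ['email'], expires: 1000, nonce: crypto.randomUUID() });
  const first = releaseFields(record, publicKey, 'app-42', grant, 900);
  const replay = releaseFields(record, publicKey, 'app-42', grant, 901);
  const widened = releaseFields(record, publicKey, 'app-42',
    { ...grant, fields: ['email', 'passportScan'], nonce: crypto.randomUUID() }, 902);
  return { first, replay, widened };
}

console.log(demo());
```

Under this design a bulk export script has nothing to present: the second use of a grant is rejected as replayed, and adding `passportScan` to a signed grant invalidates its signature.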

Thousands of users’ identity information, such as passport and driving license scans, were stolen in the breach without being “selectively shared” by the owners. The scope of the damage this breach could cause is extensive.

The most sensitive stolen data could be used to create fraudulent accounts, seed phishing attacks, attempt to breach existing accounts, or even commit broader identity theft.

With access to names, email addresses, and wallet addresses, bad actors might craft convincing impersonation schemes or launch sophisticated social engineering attacks.

Physical addresses could be used for real-world stalking, harassment, or worse, with reports of home invasions targeting crypto professionals on the rise. Compromised wallet addresses might be used to track transaction histories or target high-value accounts.

While the ‘decentralized’ aspect of Fractal’s user data remains in question, one clear web3 element of the company, the price of its token (FCL), has been marginally affected, down 2.9%. With less than $3,000 in 24-hour trading volume and a market cap of $144,037, the token has fallen 43% year-to-date.

Users affected by this breach should remain vigilant, monitor their accounts closely, and consider updating their security measures across various online services to mitigate potential risks.

The post Web3 KYC vendor Fractal ID loses over 50k users’ passport info in data breach appeared first on CryptoSlate.
