Fractal ID Data Breach Traced to 2022 Employee Hack

Fractal ID, a decentralized identity startup, recently suffered a data breach affecting approximately 6,300 customers. The breach was traced back to a 2022 hack involving an employee who reused their password. The Raccoon Infostealer malware was used to steal the employee’s credentials, as reported by Hudson Rock, a cybercrime intelligence firm.

Fractal ID provides KYC verification services for various crypto protocols like Polygon, Ripple, and Near, serving over 250 companies. The exposed data may include names, email addresses, phone numbers, wallet addresses, physical addresses, and images of uploaded documents. The compromised account had administrator-level access, allowing the hacker to bypass data privacy systems. An automated system alerted an engineer, who shut out the attacker within 29 minutes of the breach.

A party claiming responsibility for the attack demanded a ransom, but Fractal ID refused to pay and contacted Berlin's cybercrime law enforcement instead. The company has notified affected users and plans to implement measures to prevent future breaches, such as restricting account access to sensitive data and blocking login attempts from unknown IP addresses.

Hudson Rock's research revealed that the employee's machine was infected with Raccoon Infostealer since September 2022. Despite the infection, the employee did not change their password, allowing hackers to exploit the account. Fractal ID emphasized that the breach was due to a failure to follow operational security policies and not a software vulnerability. The company has since put technical measures in place to prevent such oversights.

The Raccoon Infostealer has been a significant threat since its introduction in April 2019. In 2022, the U.S. Justice Department indicted Mark Sokolovsky, a Ukrainian national, for operating the malware. The FBI identified over 50 million stolen credentials, though this is likely an undercount. Sokolovsky, who attempted to fake his death after the Russian invasion of Ukraine, was extradited to the U.S. in February. The U.S. government has set up a website for users to check if their credentials were compromised.

In response to the breach, Fractal ID is committed to enhancing its security measures and ensuring that operational security protocols are strictly followed. This incident highlights the importance of robust cybersecurity practices and the need for organizations to stay vigilant against evolving cyber threats.

Fractal ID's experience is a reminder of the serious consequences of security lapses and the critical need for stringent security measures and regular employee training. By taking these steps, Fractal ID aims to protect its users and prevent future incidents.