On July 14th, 2024, blockchain identity platform Fractal ID suffered a data breach that exposed the sensitive KYC data of over 55,000 individuals online.
Fractal ID acknowledged the breach on July 17th:
The severity of this data leak should not be underestimated, as it includes the following set of sensitive details on the impacted individuals:
users’ names, email addresses, digital wallet addresses, physical addresses, phone numbers, facial images and uploaded photos of documents like passports and driver’s licenses.
The data was listed for sale on the infamous cybercrime forum BreachForums on July 18th:
Following the incident, blockchain investigator ZachXBT shared additional details about the hacker's infiltration method:
Infostealer Infection of Fractal ID’s Employee
Hudson Rock researchers were able to determine that the abovementioned employee had their computer infected by Raccoon Infostealer on September 9th, 2022, resulting in over 500 credentials being stolen from the computer.
Among them were many corporate credentials relating to Fractal.id:
While the computer was infected back in 2022, it appears the victim did not change their password, enabling the hackers to infiltrate an account and initiate the hack.
The data from the identified computer appears to be aligned with the claims of the hacker and stands as a reminder that Infostealers often help hackers obtain the initial access that leads to significant data breaches.
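The failure described above, a password stolen in 2022 that still worked in 2024, can be checked for by comparing infostealer exposure dates against each account's last password change. The following is an added example, not Hudson Rock's tooling or code from the original post; the record fields, the sample accounts and the `triage` function are assumptions constructed for illustration.

```python
from datetime import date

# Constructed sample data (not from the incident). EXPOSURES stands in for an
# infostealer-log feed; ACCOUNTS for an identity provider export.
EXPOSURES = [
    {"user": "alice@example.com", "infected_on": date(2022, 9, 9)},
    {"user": "bob@example.com", "infected_on": date(2023, 3, 1)},
    {"user": "carol@example.com", "infected_on": date(2024, 1, 15)},
    {"user": "dave@example.com", "infected_on": date(2023, 8, 20)},
]
ACCOUNTS = {
    "alice@example.com": {"password_set": date(2021, 5, 2), "mfa": False, "active": True},
    "bob@example.com": {"password_set": date(2023, 6, 10), "mfa": True, "active": True},
    "carol@example.com": {"password_set": date(2023, 11, 30), "mfa": True, "active": True},
    "dave@example.com": {"password_set": date(2020, 1, 1), "mfa": False, "active": False},
}


def triage(exposures, accounts, today):
    """Flag live accounts whose current password was already set at infection time."""
    earliest = {}
    for exp in exposures:
        acct = accounts.get(exp["user"])
        if acct is None or not acct["active"]:
            continue  # no live account to log in to
        if acct["password_set"] > exp["infected_on"]:
            continue  # password rotated after the infection: stolen copy is stale
        # Same-day changes are treated as exposed: ordering within the day is unknown.
        prev = earliest.get(exp["user"])
        if prev is None or exp["infected_on"] < prev:
            earliest[exp["user"]] = exp["infected_on"]
    findings = [
        {
            "user": user,
            "days_exposed": (today - infected_on).days,
            # Without MFA the stolen password alone is enough to sign in.
            "severity": "high" if accounts[user]["mfa"] else "critical",
        }
        for user, infected_on in earliest.items()
    ]
    return sorted(findings, key=lambda f: (f["severity"] != "critical", -f["days_exposed"]))


if __name__ == "__main__":
    for finding in triage(EXPOSURES, ACCOUNTS, today=date(2024, 7, 14)):
        print(finding)
```

Accounts that come back from `triage` need a forced password reset regardless of how old the infection is.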
As Infostealers continue to evolve and become more sophisticated, organizations must remain vigilant and adopt robust cybersecurity measures. Infostealers represent a new era in cyber threats, one that requires adaptive strategies and proactive defense mechanisms to protect sensitive information and maintain cybersecurity.