- Fractal ID’s data breach on July 14, 2024, was traced back to a 2022 incident where an employee reused a compromised password.
- The compromised credentials belonged to an operator whose machine had been infected with the Raccoon infostealer; they let the attacker bypass internal data privacy systems before system monitoring detected the intrusion.
- Fractal ID responded by enhancing security measures, including request throttling, stricter IP control, and notifying Berlin’s cybercrime law enforcement.
On July 14, 2024, blockchain identity platform Fractal ID detected unusual activity that turned out to be a data breach. The company identified the attack and contained it within 29 minutes. Even so, the attacker exfiltrated data belonging to roughly 0.5% of its user base.
The breach was linked to an incident from 2022: an employee had reused a password that was already compromised. That employee, who had three years of tenure and admin rights, had not followed security policy, and the reused password let the attacker bypass internal data privacy systems. System monitoring nonetheless caught the intrusion, and the attacker was locked out promptly.
Compromised Credentials
The compromised account belonged to an operator whose machine was infected with the Raccoon infostealer malware in September 2022. Cybercrime intelligence firm Hudson Rock attributed the compromise to the reuse of credentials exposed in earlier breaches. Fractal ID stressed in its postmortem that the operator had not followed its operational security policies and training, which is what made the breach possible.
Fractal ID responded by disabling all accounts on the compromised system and restricting access to senior employees. It then introduced new controls: request throttling, finer-grained authorization, closer monitoring of failed authentication attempts, and stricter IP controls. The company also notified data protection authorities and the cybercrime division of the Berlin police, and engaged cybersecurity services to watch for any distribution of the stolen data.
Ransom Request and Legal Actions
The attacker demanded a ransom, which Fractal ID declined to engage with; instead the company contacted Berlin’s cybercrime law enforcement and notified affected users. The Raccoon infostealer involved in the breach is the malware named in a 2022 U.S. Justice Department indictment that charged Mark Sokolovsky, a Ukrainian national, with operating it; the malware had been used to steal over 50 million unique credentials and forms of identification worldwide.
The postmortem lists several measures intended to prevent a repeat: restricting which accounts can reach sensitive data and blocking login requests from unknown IP addresses. The company also stressed that following operational security policies is essential to protection against similar threats in the future.
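As an added illustration of the controls named in the postmortem (request throttling, monitoring of failed authentication attempts, and blocking logins from unknown IP addresses), the following Python sketch replays constructed authentication log lines through a small login gate. It is example code written for this article, not Fractal ID’s own implementation, which the postmortem does not publish; the account names, allowlisted networks, thresholds, log format and log lines are all assumptions. The second sample line shows the case that matters here: a valid but stolen admin password presented from an address outside the allowlist is still rejected.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Assumed policy values; a real deployment would tune them per account class.
ADMIN_ALLOWED_NETWORKS = [ip_network("203.0.113.0/24"), ip_network("198.51.100.0/24")]
ADMIN_USERS = frozenset({"ops-admin"})   # hypothetical admin account name
FAILED_AUTH_ALERT_THRESHOLD = 5          # failures per account within WINDOW_SECONDS
RATE_LIMIT = 10                          # attempts per account within WINDOW_SECONDS
WINDOW_SECONDS = 300

# Constructed log format: "<unix-ts> <user> <source-ip> <SUCCESS|FAIL>"
LOG_RE = re.compile(r"^(?P<ts>\d+) (?P<user>\S+) (?P<ip>\S+) (?P<result>SUCCESS|FAIL)$")


@dataclass
class GateState:
    """Per-account sliding-window counters plus the alerts raised so far."""
    failures: dict = field(default_factory=lambda: defaultdict(list))
    attempts: dict = field(default_factory=lambda: defaultdict(list))
    alerts: list = field(default_factory=list)


def _within_window(times, now):
    return [t for t in times if now - t < WINDOW_SECONDS]


def evaluate(line, state, admin_users=ADMIN_USERS):
    """Apply throttling, IP control and failed-auth monitoring to one login event.

    Returns one of "THROTTLED", "BLOCKED_IP", "DENIED", "ALLOWED".
    """
    m = LOG_RE.match(line)
    if not m:
        raise ValueError(f"unparseable auth log line: {line!r}")
    ts, user, ip, result = int(m["ts"]), m["user"], ip_address(m["ip"]), m["result"]

    # Request throttling: every attempt counts, whether or not the password is right.
    state.attempts[user] = _within_window(state.attempts[user], ts) + [ts]
    if len(state.attempts[user]) > RATE_LIMIT:
        return "THROTTLED"

    # Stricter IP control: admin accounts only authenticate from allowlisted ranges,
    # so a valid-but-stolen password presented from elsewhere is still rejected.
    if user in admin_users and not any(ip in net for net in ADMIN_ALLOWED_NETWORKS):
        state.alerts.append(f"{ts} admin account {user} attempted login from unknown IP {ip}")
        return "BLOCKED_IP"

    # Monitoring of failed authentication: alert once when an account crosses the threshold.
    if result == "FAIL":
        state.failures[user] = _within_window(state.failures[user], ts) + [ts]
        if len(state.failures[user]) == FAILED_AUTH_ALERT_THRESHOLD:
            state.alerts.append(
                f"{ts} {FAILED_AUTH_ALERT_THRESHOLD} failed logins for {user} from {ip} "
                f"within {WINDOW_SECONDS}s"
            )
        return "DENIED"

    state.failures[user] = []   # a success from an allowed address clears the failure counter
    return "ALLOWED"


def run_log(lines, admin_users=ADMIN_USERS):
    """Replay a batch of log lines through a fresh GateState; returns (decisions, state)."""
    state = GateState()
    return [evaluate(line, state, admin_users) for line in lines], state


# Constructed sample: an admin login from an allowed range, the same admin account with
# valid credentials from an unknown address (the stolen-credential case), then a
# password-guessing run against a non-admin account that finally succeeds.
SAMPLE_LOG = """\
1000 ops-admin 203.0.113.10 SUCCESS
1010 ops-admin 192.0.2.44 SUCCESS
1020 analyst 198.51.100.7 FAIL
1030 analyst 198.51.100.7 FAIL
1040 analyst 198.51.100.7 FAIL
1050 analyst 198.51.100.7 FAIL
1060 analyst 198.51.100.7 FAIL
1070 analyst 198.51.100.7 SUCCESS
""".splitlines()

if __name__ == "__main__":
    decisions, state = run_log(SAMPLE_LOG)
    for line, decision in zip(SAMPLE_LOG, decisions):
        print(f"{decision:10} {line}")
    for alert in state.alerts:
        print("ALERT:", alert)
```

Running the sample yields ALLOWED for the first admin login, BLOCKED_IP for the second (the credentials were correct, only the source address was wrong), DENIED for the five guesses with an alert raised on the fifth, and ALLOWED for the final success. Throttling is checked before the password so that a guessing burst exhausts its attempt budget regardless of outcome; in production the counters would live in shared storage rather than in a per-process object.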
The post Fractal ID Suffers Data Breach: Postmortem Report Details Incident appeared first on Crypto News Land.