Fractal ID, a business specializing in decentralized identity, experienced a data breach in 2022 that impacted around 6,300 users. The hack was attributed to an employee who used the same password, utilizing the Raccoon Infostealer malware to pilfer their login information.
Fractal ID offers Know Your Customer (KYC) verification services for many cryptocurrency protocols and caters to more than 250 companies. The infiltrated account possessed elevated privileges, enabling the hacker to circumvent data privacy mechanisms. Fractal ID successfully neutralized the attacker within a time frame of 29 minutes following the breach.
Fractal ID, upon receiving a ransom demand from a party claiming responsibility, declined to comply and promptly notified the cybercrime law enforcement authorities in Berlin.
The company has informed the users who were impacted and intends to enact measures to avert future breaches, including limiting account access to confidential information and prohibiting login attempts from unfamiliar IP addresses.
The Raccoon Infostealer has posed a substantial danger since it was first introduced in April 2019. In 2022, Mark Sokolovsky, a Ukrainian national, was indicted by the U.S. Justice Department for his involvement in operating the malware.
The FBI has detected more than 50 million stolen credentials; however, this figure is certainly an underestimate. The U.S. government has established a webpage for users to verify whether their credentials have been hacked. Fractal ID is dedicated to improving its security procedures and ensuring rigorous operational security protocols.
