Today, we are sharing an important update regarding the data breach that affected Fractal ID on July 14th, 2024. Resonance, the cybersecurity agency we engaged to conduct a forensic analysis as part of our incident response, has completed its investigation of the data breach. Most importantly, Resonance has verified our findings regarding the number of users impacted and the method by which the attacker was able to access our internal systems.
Our commitment to those users and to our community at large remains steadfast as we continue to work with relevant authorities and to improve our systems going forward to ensure this can never happen again.
The details of Resonance’s findings are outlined below.
Resonance Report Findings
- Impact confirmation: Resonance’s investigation confirmed that there was an attack on July 14th, 2024, using the attack methodology described below, which impacted approximately 6,300 users, constituting about 0.5% of our user base. This aligns with our initial assessments.
- Timing and scope: The attack was confined to a specific time frame, and no evidence of other breaches was found within the 30-day log retention period, to the extent that our logs are available.
- Attack methodology: The breach on July 14th, 2024 was carried out by an unauthorized party who gained access using compromised operator credentials. This access allowed the extraction of data through an API using privileged administrative rights.
- Further analysis: Following the attacker’s claims, Resonance also thoroughly analyzed all available logs and other potential attack vectors that could have been used to exfiltrate further user personal data. Based on this analysis, no evidence was found within the available logs that additional data was extracted. We will be working together with Resonance to assess any further potential impact of this breach and to conduct a thorough penetration test of the system.
Support for Affected Users
Our primary focus remains on supporting those affected by the breach. We are offering a complimentary two-year subscription to an online identity and credit monitoring service, as well as continued support from Resonance Security’s consumer cybersecurity division to all impacted users. We encourage anyone affected to reach out to us at help@fractal.id for assistance in enrolling in this service.
Looking Forward
We are actively working to enhance our systems and the way we look at KYC for web3 and will continue working with Resonance to further increase Fractal ID’s security. We appreciate the patience and understanding from our community and partners alike as we make these critical changes. Our dedication to building a secure and reliable identity solution remains unwavering, and we will continue to keep you informed as we progress towards a better future.
Thank you for your continued support of Fractal ID.