Blockchain identity platform Fractal ID announced a data breach on July 14, as revealed in a notice published on their website on July 17. Fractal ID, which partners with platforms like Gnosis Pay, Acala, Polygon ID, and Lukso, did not specify which partners, if any, were affected by the breach.
Some users reported receiving warnings from Gnosis Pay, advising them to be wary of unsolicited communications.
According to Fractal, only about 0.5% of its user base was affected.
The breach occurred when a third party gained unauthorized access to an operator’s account and ran a script to access users’ personal data at 5:14 AM UTC. Fractal’s team detected the breach and logged the attacker out by 7:29 AM UTC, limiting the breach duration to just over two hours.
The compromised data included names, email addresses, wallet addresses, phone numbers, physical addresses, images, and uploaded documents for the affected users. Fractal assured that the breach was contained within their environment and did not impact clients’ systems or products. However, they advised affected users to be cautious of any unsolicited requests for additional personal information.
Web3 developer Paulo Fonseca shared an email from Gnosis Pay, which detailed the breach and reassured users that their data was not part of the accessed information, while still advising caution.
This incident highlights the ongoing risks associated with storing know-your-customer (KYC) information, which many jurisdictions require cryptocurrency exchanges and payment providers to collect. While KYC practices are intended to prevent money laundering, they also pose a risk of exposing sensitive user data.
Recent incidents, such as the leaked administration credentials of crypto ID provider Autix10 and the data breach of the 2-factor authentication app Authy, underscore the vulnerabilities in digital security systems and the importance of safeguarding personal information.
Disclaimer: The information provided on CoinsLately is for informational and educational purposes only. CoinsLately does not provide investment, financial, or legal advice. The content on this site represents the opinions and views of the authors and should not be considered as professional financial advice.
Cryptocurrency investments are highly speculative and involve substantial risk. You should conduct your own research and consult with a qualified financial advisor before making any investment decisions. CoinsLately and its authors are not responsible for any financial losses or damages incurred as a result of the information provided on this site.