Fractal ID Details

    Organization Logo

    Fractal ID

    Berlin, Germany50 employees • Technology

    https://web.fractal.id/
    Germany

    Industry

    Technology

    Security Incidents

    1

    Fractal ID is a platform focused on providing digital identity solutions, primarily for financial services, crypto-based companies, and other organizations requiring robust identity verification. The company leverages advanced technology to ensure compliance with KYC (Know Your Customer) and AML (Anti-Money Laundering) regulations, helping its clients to streamline the customer onboarding process. By offering a seamless and secure way to verify identities, Fractal ID reduces the operational burden of compliance while enhancing user experience.

    Fractal ID was established to address the growing...
    Show more

    Security Incidents

    Fractal ID Breach of Jul 2024
    Severity Score
    Moderate to Significant

    Type

    Unknown

    Summary

    Fractal ID, a blockchain identity platform, experienced a data breach on July 14, which was officially disclosed on July 17. A third party gained unauthorized access to an operator’s account and executed an API script that accessed user data. Despite the breach being detected and contained within roughly two hours, approximately 0.5% of Fractal ID’s user base was affected.

    The compromised data includes names, email addresses, wallet addresses, phone numbers, physical addresses, and images of uploaded documents. Although Fractal ID partners, like Gnosis Pay, Acala, Polygon ID, and Lukso, were ...
    Show more

    Severity

    The Fractal ID data breach on July 14 affected approximately 0.5% of its user base and exposed sensitive information, including names, email addresses, wallet addresses, phone numbers, physical addresses, and images of uploaded documents. Despite the rapid detection and containment of the breach, its occurrence has raised significant concerns about data security within the Web3 ecosystem, especially given Fractal ID’s key partnerships with platforms like Gnosis Pay, Acala, Polygon ID, and Lukso. Although the breach was contained within Fractal ID’s environment, the compromised data and its pot...
    Show more

    Impact

    The Fractal ID data breach on July 14 resulted from unauthorized access to an operator's account, enabling an attacker to execute an API script and access the personal data of approximately 0.5% of the user base. The compromised data included names, email addresses, wallet addresses, phone numbers, physical addresses, and images of uploaded documents. While the breach was swiftly contained, the exposure of such sensitive information poses a significant risk to users and has heightened concerns amongst partners in the Web3 ecosystem.

    Importantly, Fractal ID confirmed that the breach did not af...
    Show more