Bollywood Fever: Gnosis Pay, a decentralized payment network, informed users on Wednesday about a data breach at Fractal ID, the customer verification service it has relied on since 2019. According to a customer service email obtained by The Block, the breach may affect multiple Web3 companies.
The Gnosis Pay team reported that on July 15, 2024, at 7:30 PM CET, Fractal ID notified them of a breach that occurred on July 14, 2024. Gnosis Pay CEO Julian Leitloff confirmed the incident, explaining that a single operator account was compromised, leading to suspicious activity. Immediate actions were taken to stop access, identify the cause, and verify it with external support. Approximately 0.5% of Fractal ID’s 1 million users were impacted.
Fractal ID, based in Berlin and founded in 2017, collects and stores sensitive personally identifiable information (PII) for users, including names, residences, email addresses, “Liveness Detection Selfie Scans,” and documents like passports and licenses. The company provides compliance assistance for at least eight crypto protocols, including Polygon, Ripple, and Near, and serves over 250 companies.
“The attack wasn’t Gnosis specific but related to the operator’s account access,” said Leitloff. “The system itself was not impacted, but this account had access to user data.” An engineer discovered the breach, which allowed the attacker to run an API script to access user data. The exploit was halted within just over two hours.
Despite Fractal ID’s security measures, including data encryption, the attacker might have gained entry using a password siphoned from other hacks. Although Fractal ID offers a decentralized identity product, it stores client data in centralized databases, a common practice for regulated entities to ensure security.
A user on X, @arlery, who posted Fractal ID’s email, expressed alarm over the breach, noting its use for various KYC processes. Fractal ID’s blog emphasized that sensitive data is encrypted with advanced security processes.
Fractal ID is also a main developer of the open-source digital ID operating system idOS, which enables users to manage their identity across the Web. Supported by Enterprise Singapore and the German government, idOS has raised nearly $8 million.
While Fractal ID has not publicly disclosed the breach on social media or its website, Leitloff assured The Block that the exploit affected only a fraction of the user base. As investigations continue, Gnosis Pay and Fractal ID are focused on enhancing security measures to protect user data.