Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Exclusive: Stormous ransomware gang claims hack of blockchain identity firm Fractal ID

Hackers allegedly have the “know your customer” data of more than 300,000 Fractal ID users, including cryptocurrency addresses.

user icon David Hollingworth
Thu, 17 Oct 2024
Exclusive: Stormous ransomware claims hack of blockchain identity firm Fractal ID
expand image

The Stormous ransomware gang claimed overnight to have successfully stolen over 10 gigabytes of customer data from web3 identity outfit Fractal ID.

Stormous made the claim on its darknet leak site and in more detail on its Telegram channels.

“We have extracted over 10GB of DATA from the KYC system of Fractal ID and some of its other systems,” a spokesperson of the ransomware-as-a-service operation said in a Telegram post.

============
============

KYC stands for “know your customer”, personal information used to confirm a person’s identity, such as passports and other identity documents.

“The breach includes more than 300,000 users linked to Fractal ID clients in its KYC service,” Stormous said.

“The total amount of data we managed to access exceeded 10 GB [to] 12GB, including personal photos, bank statements, proof of address, and ETH/BTC addresses.”

Included in the Telegram post, and posted to the darknet, were screenshots of what appears to be part of Fractal ID’s internal KYC systems, as well as scans of identity documents.

The gang also promised to publish a report on Fractal ID’s “data protection” at a later date.

The full dataset was apparently posted both in a later Telegram post and on its leak site. However, for now, the link appears to be inactive – a common issue with darknet sites – though the gang has also said it will provide more links shortly.

This would be the second cyber security incident the decentralised identity company has suffered this year if confirmed. Fractal ID suffered a data breach on 14 July, which it said impacted 6,300 of its customers – about 0.5 per cent of its user base of about 1.2 million.

Fractal ID explained what happened in the July incident in a 19 August blog post.

“The breach on July 14th 2024 was carried out by an unauthorised party who gained access using compromised operator credentials,” a Fractal ID spokesperson said. “This access allowed the extraction of data through an API using privileged administrative rights.”

Fractal ID brought in cyber security firm Resonance to assist in its post-incident investigation and analyse possible attack vectors and incident logs.

“Based on this information, no evidence that additional data was extracted was found within the available logs,” Fractal ID said.

“We will be working together with Resonance to further assess any potential further impact of this breach and conduct a thorough penetration test of the system.”

Cyber Daily has reached out to Fractal ID for comment on the alleged incident.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.