This breach highlights the ongoing challenges in maintaining data security, especially in today’s centralized storage systems.
Blockchain identity platform Fractal ID has published a postmortem outlining the data breach that the company suffered on July 14. The breach has since been traced back to a 2022 incident where an employee reused a compromised password.
According to Fractal ID, the compromised account belonged to an operator with the platform for three years and had admin rights. This allowed the attacker to bypass internal data privacy systems, though system monitoring helped lock out the attacker within 29 minutes.
The operator’s failure to follow operational security policies and training, along with the reuse of credentials from past hacks, facilitated the breach.