Let this soak in...
A subsidiary of UnitedHealth Group was breached in February 2024 by a hacking gang operating as ALPHV. The hackers breached a server that did not have two-factor authentication enabled using stolen credentials and moved within the system for several days exfiltrating data before deploying ransomware. UnitedHealth estimates that 190 million people were affected in the massive cyberattack that took down its services a year ago.
UnitedHealth Group CEO Andrew Witty told legislators last summer during a hearing on the cyberattack that a third of Americans were likely impacted. The cyberattack posed a significant financial cost to UnitedHealth, with the company projecting that it would take a $2.9 billion hit.
The internet is broken — from complex password requirements to handing over your email address, phone number, drivers license, passport, and more. The very same data that threat actors are looking to steal, target, and monetize.
Websites and apps — and the users who rely on them — have become complacent in the signup and login status quo. There hasn’t been a viable alternative since the 1960s with the creation of the Compatible Time-Sharing System (CTSS) at the Massachusetts Institute of Technology (MIT).
Sure, there’s been "Sign in with" (where your data is used to track, share, and market ads), Time-based One-Time Password (TOTP) authentication, email / SMS security codes (which can be intercepted) and passkeys, but all of these have serious drawbacks: difficult to implement, overwhelming for users, privacy risks, security risks, and the bottom line for business — costs.
And cyberattacks aren’t just a problem consumers and organizations have. It’s a societal problem. A bot problem:
- Companies lost $238.7 billion in 2024 due to bot-driven costs, from hosting to wasted ad spend, forcing businesses to rethink marketing, analytics, and engagement strategies.
- Bots, now likely 50-75% of web traffic, automate credential stuffing (trying stolen logins en masse). With an estimated 5.2 billion people reusing passwords, one breach unlocks multiple accounts.
- Accounts linked across Big Tech platforms (e.g., “Sign in with”) create privacy dominoes — one breach ripples wide. The 2023 MOVEit breach exposed millions via third-party vendors, and with supply chain attacks up 430% in 2024 (per Argus), this risk grows. Users rarely grasp how much data flows to partners.
It all comes down to how we verify who we are online by using things like usernames and emails and phone numbers. That’s all tied to our personal information. It’s like we’re giving away a map to our digital lives, and the scariest part is that all of that personal information, it’s what cybercriminals are after (and they’re getting really good at stealing it, too). Threat actors are also getting sophisticated, especially with easy access to artificial intelligence used for carrying out widespread attacks.
That’s why anonymous authentication is such a game changer. Because it breaks the link between who we are, and our sensitive data.
If data is the new gold, then Changefly is the world’s most advanced digital Fort Knox.
We knew something different needed to be done to simplify account protection and the growing threat to personal data, so we set our sights on changing the status quo. We were invited to join the Google Cloud Startup Program, where we attracted over 300 developers wanting to gain valuable experience working hands-on with privacy and security (102 applicants were accepted into the internship program). Three years later and with thousands of iterations under Changefly’s belt, Changefly ID became a reality.
At the core of Changefly’s advanced anonymous authentication protocol is Changefly ID, a cryptographically secure, temporary unique identifier that eliminates the need for traditional sign-ups, logins, passwords, or personal data — simplifying the user experience and significantly reducing the risks associated with AI bots, scams, and data breaches.
Instead of signing up or logging in with your personal info, you use a temporary, unique identifier. Think of it as a one-time digital token. It’s like a secret code that proves who you are, without revealing your actual identity. Every time you log in, you’re using a brand new Changefly ID, which streamlines the whole process. It’s easier for users and way more secure.
Privacy is fundamental to protecting personal and business users, especially at a time when the threat landscape is rapidly changing with advancements in artificial intelligence. Changefly is not just patching holes — we are rebuilding the foundation.
Our mission is to build a safer internet — to proactively stop evolving cyber threats and empower users to navigate the digital world with confidence. If data is the new gold, then Changefly is the world’s most advanced digital Fort Knox.
The Deep Dive: Changefly ID
Are you a developer?
Use Changefly ID for faster sign-ups, sign-ins, user paywalls, bot paywalls, loyalty programs, user comments, surveys, and more. Best of all, we’re making Changefly ID available for free (see our mission below). Check out our research, read the Developer API, and start using Changefly ID in less than 5 minutes. It’s really that easy.
About Changefly
Changefly’s mission is to create a safer internet, and we firmly believe that privacy is fundamental to protecting personal and business users in the digital age. Changefly’s innovative approach minimizes the collection of personally identifiable information, aligning with privacy regulations like GDPR, CCPA, and HIPAA. By leveraging advanced security features like anonymized end-to-end data encryption, machine-learning algorithms, and distributed threat intelligence, Changefly aims to proactively stop evolving cyber threats and empower users to navigate the digital world with confidence.