Friday, June 14, 2024
RSS

Hackers are selling the data of millions lifted from 23andMe’s genetic database

In a shocking revelation, it has been reported that hackers are now selling the data of millions of users that was stolen from 23andMe’s genetic database. The breach occurred when hackers used stolen credentials and manipulated one of the platform’s own features to obtain and scrape user data. The leaked data, which is being sold on dark web forums, includes sensitive information such as names, profile photos, genetic ancestry results, date of birth, and geographical location. While 23andMe has confirmed the legitimacy of the data, they claim there is no indication of a security incident within their systems. This alarming situation raises concerns about the security and privacy of personal genetic information and highlights the importance of strong cybersecurity measures.

Hackers are selling the data of millions lifted from 23andMe’s genetic database

Hackers are selling the data of millions lifted from 23andMe’s genetic database

This image is property of duet-cdn.vox-cdn.com.

Overview

In a shocking turn of events, it has recently come to light that hackers have stolen and are now selling the data of millions of users from 23andMe’s genetic database. This breach in security has serious implications for the privacy and security of 23andMe users, as their sensitive genetic information is now in the hands of malicious actors. In this article, we will delve into the details of the attack methodology, the data that has been leaked, and the response from both 23andMe and its CEO.

Attack Methodology

The hackers behind this data breach reportedly used stolen credentials to gain access to 23andMe’s platform. However, they also leveraged one of 23andMe’s own features, known as ‘DNA Relatives’, to scrape additional data from user accounts. This highlights a significant vulnerability within 23andMe’s own systems, as hackers were able to exploit a feature that was meant to enhance user experience and connection. Additionally, it is believed that the hackers may have also gathered data leaked from other online platforms where users had recycled their login credentials.

Hackers are selling the data of millions lifted from 23andMe’s genetic database

This image is property of duet-cdn.vox-cdn.com.

Data Leaked

The data that has been leaked from 23andMe’s genetic database includes users’ names, profile photos, genetic ancestry results, date of birth, and geographical location. This sensitive information can be a goldmine for malicious actors, as it provides them with valuable insights about users’ genetic makeup and personal identities. The extent of the data breach is still being investigated, but it is estimated that as many as 7 million accounts may be affected.

Confirmation from 23andMe

23andMe has confirmed the legitimacy of the leaked data in a statement to BleepingComputer. Scott Hadly, the managing editor of 23andMe, explained that the login credentials used by the hackers may have been obtained from data leaked during incidents involving other online platforms. He reassured users that there is no indication of a security incident within 23andMe’s own systems. However, this raises questions about the level of security and protection that 23andMe has in place to safeguard its users’ data.

Hackers are selling the data of millions lifted from 23andMe’s genetic database

This image is property of duet-cdn.vox-cdn.com.

Involvement of 23andMe’s Own Feature

The ‘DNA Relatives’ feature, which was designed to help users connect with genetic relatives, inadvertently played a role in this data breach. Hackers were able to scrape additional data from user accounts through this feature, further compromising users’ privacy and security. This highlights the need for companies like 23andMe to thoroughly assess and address potential vulnerabilities within their own features to prevent such breaches in the future.

Instructions for Users

If you are a 23andMe user, it is crucial to take immediate action to protect your account and your data. 23andMe has provided instructions for password resets and multi-factor authentication setup on its blog post addressing the leaked data. It is highly recommended that you follow these guidelines to enhance the security of your account. Additionally, 23andMe has included a link to its privacy and security checkup page, where you can review and update your privacy settings. If you require further assistance, you can reach out to 23andMe’s support team for help.

Hackers are selling the data of millions lifted from 23andMe’s genetic database

This image is property of duet-cdn.vox-cdn.com.

Magnitude of the Data Breach

The data breach at 23andMe is of significant magnitude, potentially impacting as many as 7 million accounts. This accounts for roughly half of the total number of users on 23andMe’s platform. The sheer scale of this breach underscores the need for heightened security measures and stricter protocols to protect users’ personal information and genetic data. It also highlights the growing threat of data breaches and the need for individuals to be vigilant about their online security.

Allegations against CEO

In a shocking twist, there have been allegations that 23andMe’s CEO had prior knowledge of the leaked data but failed to disclose the incident. Hackers claimed that the CEO was aware of the breach two months before it became public knowledge. If these allegations are true, it raises serious concerns about the corporate responsibility and accountability of 23andMe’s leadership. Further investigations will be necessary to determine the veracity of these claims.

Hackers are selling the data of millions lifted from 23andMe’s genetic database

This image is property of duet-cdn.vox-cdn.com.

Support from 23andMe

Despite the allegations against its CEO, 23andMe has released a statement on its blog offering support and guidance to its users. The company has provided instructions for password resets and multi-factor authentication setup, as well as a link to its privacy and security checkup page. This demonstrates that 23andMe is taking this data breach seriously and is committed to addressing the issue and supporting its users through this challenging time.

Conclusion

The data breach at 23andMe has serious implications for the privacy and security of its users. The stolen data, which includes sensitive genetic information, is now being sold on dark web forums by malicious actors. The involvement of 23andMe’s own feature in facilitating the breach raises questions about the company’s security practices and protocols. As a 23andMe user, it is important to follow the provided instructions for password resets and multi-factor authentication setup to protect your account. Moving forward, it is crucial for companies like 23andMe to learn from this incident, strengthen their security measures, and prioritize the safeguarding of users’ genetic data.

Source: https://www.theverge.com/2023/10/7/23907330/23andme-leak-hackers-selling-user-dna-data