Cyber intruders have gained access to the personal information of 23andMe users.
- It has been reported that information taken from 23andMe accounts has been posted for sale on a murky online marketplace.
- The hackers may have acquired the data by exploiting leaked user credentials from other websites and applications.
- A spokesperson for 23andMe has asserted that there is no sign of a breach of security within their systems.
On the Dark Web
Cyber criminals claiming to have access to the personal data of potentially millions of 23andMe customers, including names, photos, birth details, and ethnicities, are attempting to sell this information on the dark web at a high cost.
23andMe asserts that the user credentials that surfaced were from prior data breaches and that the firm’s security systems remain uncompromised.
The spokesperson for the company told Insider that early findings from the investigation show that the login details used for the access attempts likely originated from data exposed in other online platforms’ security incidents, where users had reused their credentials. To put it more simply, the hackers employed a tactic known as “credential stuffing”, which means trying username-password combinations taken from those data leaks against 23andMe accounts.
The firm was made aware of the attack when a post appeared on Reddit; the post has since been removed from the platform. Subsequently, the data was made available on a cybercriminal forum, as made public by the darknet monitoring company Kaduu.
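The service-side view of credential stuffing, as an added example that is not from 23andMe or the original article: a single source tries many distinct usernames in a short window, most attempts fail, and the few that succeed are the accounts with reused passwords. The log format, thresholds, IP addresses and usernames below are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log: (timestamp, source IP, username, login succeeded).
# IPs come from documentation ranges; usernames are made up.
SAMPLE_EVENTS = [
    ("2024-01-01T12:00:00", "198.51.100.7", "alice", True),          # normal login
    ("2024-01-01T12:00:05", "203.0.113.9", "u1@example.com", False),
    ("2024-01-01T12:00:06", "203.0.113.9", "u2@example.com", False),
    ("2024-01-01T12:00:07", "203.0.113.9", "u3@example.com", True),  # reused password
    ("2024-01-01T12:00:08", "203.0.113.9", "u4@example.com", False),
    ("2024-01-01T12:00:09", "203.0.113.9", "u5@example.com", False),
    ("2024-01-01T12:00:10", "203.0.113.9", "u6@example.com", False),
    ("2024-01-01T12:01:00", "192.0.2.44", "bob", False),             # typo, then success
    ("2024-01-01T12:01:20", "192.0.2.44", "bob", True),
]

def detect_stuffing(events, window=timedelta(minutes=10),
                    min_users=5, max_success_ratio=0.25):
    """Return {ip: {"distinct_users": n, "review_accounts": [...]}}.

    An IP is flagged when, inside one sliding window, it attempts at least
    min_users distinct usernames and at most max_success_ratio of the
    attempts succeed (thresholds are illustrative assumptions).
    """
    by_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        by_ip[ip].append((datetime.fromisoformat(ts), user, ok))

    flagged = {}
    for ip, rows in by_ip.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Shrink the window from the left until it spans <= `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            span = rows[start:end + 1]
            users = {u for _, u, _ in span}
            ratio = sum(ok for _, _, ok in span) / len(span)
            if len(users) >= min_users and ratio <= max_success_ratio:
                entry = flagged.setdefault(ip, {"distinct_users": 0, "hits": set()})
                entry["distinct_users"] = max(entry["distinct_users"], len(users))
                # Successful logins from a flagged source need a forced reset.
                entry["hits"] |= {u for _, u, ok in span if ok}
    return {ip: {"distinct_users": v["distinct_users"],
                 "review_accounts": sorted(v["hits"])} for ip, v in flagged.items()}

if __name__ == "__main__":
    print(detect_stuffing(SAMPLE_EVENTS))
```

A per-IP rule like this misses attempts spread across many source addresses, so it complements rather than replaces multi-factor authentication and checks against known-breached passwords.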
Earlier this week, an anonymous seller advertised on BreachForums that the data they had was composed of “DNA profiles of millions, from the world’s wealthiest to the dynasties often brought up in conspiracy theories,” and that it also included “corresponding email addresses,” according to a repost of the ad on X. Wired reported that the sample data included entries for tech moguls like Mark Zuckerberg, Sergey Brin, and Elon Musk, though their authenticity could not be verified. 23andMe is led by Anne Wojcicki, sister of former YouTube CEO Susan Wojcicki and ex-partner of Sergey Brin.
The seller offered profile packages starting at $1000 for 100 profiles and reaching a maximum of $100,000 for 100,000 profiles. For each 10,000-profile bundle, they also offered an option for installment payments.
A different post on BreachForums, which was also shared on X, stated that the data included “half of 23andMe’s total members”. The company, which has 14 million users, has not yet confirmed the number of hacked accounts and also said that no raw genetic information was shared.
The company’s initial investigation has indicated that only a limited number of user accounts were hacked, but the hackers were able to collect data from some other 23andMe users by way of the DNA Relatives feature. This feature gives users the ability to connect with and view information about other users with whom they have a “recent ancestor” which is up to nine generations back, as stated on the company’s website.
23andMe did not confirm whether the attack was aimed at any specific ethnic group. This week, a post on BreachForums made claims about a “1 million Ashkenazi database.” The company indicates that even with a mere 1% Jewish heritage, an individual could be labeled as Ashkenazi Jewish. Those with European or Ashkenazi roots could expect to find quite a few matches with the DNA Relatives feature, in comparison to those with Asian or Middle Eastern ancestry, as noted on the 23andMe website. Wired reported that “hundreds of thousands of users of Chinese descent” may have been affected by the leak.
Since its founding in 2006, 23andMe has gained attention for its saliva tests that can detect genetic predispositions, ancestry, and inherited traits. The organization allows users to opt in to sharing their data anonymously with third parties. The company is now recommending that customers enable multi-factor authentication to avert potential breaches.