U.S. biotech agency 23andMe’s person knowledge was leaked and is now circulating on hacker boards. 23andMe confirmed the information leak’s authenticity to BleepingComputer and says it believes a credential-stuffing assault is in charge.
23andMe person knowledge provided on the market
Just a few days in the past, 1 million strains of information particular to Ashkenazi people started circulating on hacker boards. Then, on Oct. 4, the cybercriminal who had leaked the user-data pattern purportedly stolen from 23andMe started providing to promote particular person profile datasets for $1-$10 every, with the worth various based mostly on the variety of datasets bought.
23andMe has now confirmed the authenticity of the information to BleepingComputer. A spokesperson indicated that hackers probably used credentials leaked from breaches on different platforms. “We don’t see proof of a safety incident inside our techniques,” they added.
The data uncovered in 23andMe’s person knowledge leak allegedly consists of customers’ names, places, birthdays, intercourse, pictures, and genetic ancestry outcomes. BleepingComputer’s personal investigation discovered that the variety of bought accounts doesn’t at the moment match the whole variety of breached 23andMe accounts.
BleepingComputer famous the breached accounts had activated 23andMe’s DNA Kinfolk function, which lets customers uncover and join with genetic family). Initially accessing solely a restricted variety of accounts, the hacker might then scrape knowledge from the customers’ networks of DNA Relative matches.
ReadWrite has not but independently confirmed these statements however has requested additional particulars on the investigation from 23andMe. Nonetheless, customers ought to all the time comply with correct digital hygiene by by no means repeating account credentials throughout web sites, utilizing sturdy passwords, and enabling two-factor authentication when potential. Regardless that 23andMe affords and recommends utilizing 2fa safety, this latest knowledge breach additionally means that networking options like DNA Kinfolk are one more vulnerability.