Top 50            Stocks to Buy

Data & Security

Data Breach Alert: Genetic Test Giant 23andMe User Info Sold on Dark Web

23andMe data leaked

On the dark web, hackers are selling thousands of dollars’ worth of 23andMe customer details, including names, photos, birth dates, and ethnicities.

23andMe said the data was gathered from credentials exposed in prior data breaches, and its security systems have not been compromised.

As a result of this investigation, it appears that the login credentials used in these access attempts were gathered by a threat actor from data leaked during incidents involving other online platforms where users recycled login credentials. In a technique known as “credential stuffing,” the hackers inserted leaked username-password combinations into 23andMe accounts.

A Reddit post first alerted the company to the attack. Since then, hackers have been hawking the data on the cybercrime marketplace BreachForums.

Earlier this week, an anonymous seller posted a listing on BreachForums claiming to have access to DNA profiles of various individuals, including “world-renowned business tycoons and secretive dynasties.” The seller also mentioned that the data included corresponding email addresses. This information was re-posted on X. According to Wired, the provided sample data supposedly includes entries for prominent tech executives such as Mark Zuckerberg, Sergey Brin, and Elon Musk. However, it is uncertain whether these entries are authentic. The company responsible for this data is led by Anne Wojcicki, sister of former YouTube CEO Susan Wojcicki and ex-wife of Sergey Brin.

The seller offered profile bundles starting at $1000 for 100 profiles and going all the way up to $100,000 for 100,000 profiles, with incremental payment options for each bulk purchase of 10,000 profiles.

According to a post on BreachForums, which was also reposted to X, the data contained “half of 23andMe’s members.” However, the company has yet to confirm how many accounts were compromised.

The company believes that the hackers were able to scrape the data of several other 23andMe users through a feature called DNA Relatives despite having access to a much smaller number of accounts. By using the feature, users can connect with others they share a “recent ancestor” with — which they define as less than nine generations back.

23andMe did not specify if the attack targeted a specific ethnic group. According to a post on BreachForums, the data sample was labeled as “1 million Ashkenazi database” earlier this week. However, the company clarifies that an individual can be considered Ashkenazi Jew even with just 1% Jewish ancestry. The DNA Relatives feature is expected to show more matches for those with European or Ashkenazi heritage compared to those with Asian or Middle Eastern ancestry, as stated on 23andMe’s website. Additionally, Wired reported that there could be “hundreds of thousands of users of Chinese descent” impacted by the leak.

In 2006, 23andMe made waves for its saliva tests that could reveal genetic predispositions, ancestry, and inherited characteristics. In order to prevent further attacks, the company encourages users to enable multi-factor authentication — which it shares anonymized user data with third parties with their consent.

Also Read:

Editorial Director
I'm Shruti Mishra, Editorial Director @Newsblare Media, growing up in the bustling city of New Delhi, I was always fascinated by the power of words. This love for words and storytelling led me to pursue a career in journalism. In this position, I oversee the editorial team and plan out content strategies for our digital news platform. I am constantly seeking new ways to engage readers with thought-provoking and impactful stories.

Leave a Reply

Your email address will not be published. Required fields are marked *