Source: Smith Collection/Gado / Getty / 23andMe
Nothing is safe from hackers on the web, not even the information 23andMe.
Spotted on The Verge, genetic testing and analysis company 23andMe announced on its blog site Friday, October 6, that hackers stole user data and is currently making its rounds on forums on the dark web.
According to the website, hackers utilized recycled logins to access the compromised accounts.
Another website, BleepingComputer, reports that a hacker dropped “1 million lines of data” for Ashkenazi Jewish people and was being sold for $1 – $10 per account.
The stolen data includes users’ names, profile photos, genetic ancestry results, date of birth, and geographical location. 23andMe confirmed the bad news to both websites.
Per The Verge:
The company confirmed to BleepingComputer that the data is legitimate in a statement it also shared in an email to The Verge. In the statement, 23andMe managing editor Scott Hadly wrote that “the preliminary results of this investigation suggest that the login credentials used in these access attempts may have been gathered by a threat actor from data leaked during incidents involving other online platforms where users have recycled login credentials.” He added that there was no indication of “a security incident within our systems.” BleepingComputer reports other users’ data was scraped using one of 23andMe’s own opt-in features, called ‘DNA Relatives”
In 23andMe’s blog post, there are instructions for users to reset their password and set up multi-factor authentication.
There is also a link to the company’s privacy and security checkup page while also directing users to its support team’s email if they need further assistance.
More Than 7 Million Accounts Were Affected
A PCMag report indicates that more than 7 million accounts might be in the sale getting their information from a Dark Web Informer post that included a screenshot from the now-deleted hacker forum post.
1/2 A threat actor has allegedly leaked data from 23andMe @23andMe. They claim the data has a list of half of the users of 23andMe; 7 million. The data includes a lot of confidential information. #23andMe #DNA #Clearnet #DarkWeb #DarkWebInformer #Database #Leaks #Leaked pic.twitter.com/OAj1m0gjgx
— Dark Web Informer (@DarkWebInformer) October 3, 2023
23andMe’s CEO Allegedly Knew About The Hack Two Months Prior
In a damning report from ArsTechnia, hackers claimed that 23andMe’s CEO was well aware of the stolen data two months ago but opted to keep quiet about it.
23andMe has spoken about the hack on its official X account, claiming it has conducted an investigation but has “not identified any unauthorized access” to its systems.
Following a claim that someone had gained access to and is selling certain 23andMe customer data, we conducted an investigation. We have not identified any unauthorized access to our systems. We will continue to monitor the situation.
— 23andMeSupport (@23andMeSupport) October 6, 2023
Yikes.
If you have been on the fence about giving your info to 23andMe, this news will keep you away.
—
Photo: Smith Collection/Gado / Getty