Search This Blog

Powered by Blogger.

Blog Archive

Labels

Unravelling the 23andMe Data Leak: A Deep Dive into the Extent of the Breach

Hackers claim to have gained access to millions of 23andMe user-profiles and genetic information.

 


Hackers have claimed to have accessed "millions" of profiles of 23andMe.com users, which are a popular genetic testing service that has been around for several years. To be able to sell the information of potentially millions of 23andMe customers for thousands of dollars, hackers have claimed to have access to the names, photos, birth details, and ethnicities of those customers. 

There is no indication that 23andMe's security systems have been breached, according to the company's security policy, and data from previous breaches of data appears to have been used to gather the data. There has been another leak of millions of user records that have been leaked in recent days, including the same hacker who leaked information about 23andMe's genetic tests two weeks ago. 

An individual under the name Golem has posted to BreachForums, a network that is known to be used by cybercriminals, a new dataset containing the personal information of four million 23andMe users. The dataset is believed to have been released on Tuesday. 

Despite not being compromised, the attacker managed to gain access to the data of several users who opted to use the DNA Relatives feature on their computers. By taking advantage of the DNA Relatives feature, the attacker was able to access the personal information of many users who were not themselves compromised but had opted in to get the updates. 

The attack will have an even greater impact as a result of this. If both uncompromised and compromised accounts have selected DNA Relatives, the information from both accounts might be on the compromised account since both accounts have had the option to do so. 

Consequently, one attack could potentially lead to the leakage of a wider spectrum of information in the long run. Though passwords of other users are still secure, even if they lack in strong password security as reports have emerged indicating that some of the newly leaked stolen data matched genetic information and user IDs of known 23andMe users who were publically available. 

There is a lot of information about people who have immigrated from Great Britain to the United States, including data from "the most wealthy people in the U.S. and Western Europe on this list, as well as information about people who have immigrated from Great Britain." 

It has been reported today that 23andMe has been made aware of a new data leak, which has led Andy Kill, the spokesperson for the company, to share that the company is examining the data to determine if it is legitimate. It was revealed on October 6th that 23andMe was breached by hackers, claiming that they used credential stuffing as a method for obtaining some user data, a technique that consists of trying combinations of usernames or emails with passwords that are already public from previous data breaches to amass the stolen information. 

The company believes the hackers accessed a much smaller number of user accounts, based on the preliminary investigation it has conducted, but managed to scrape the data of several other 23andMe users through a feature called DNA Relatives, which was designed to let people share their DNA results. 

With this feature, users can connect with other users whom they share a recent ancestor with –which according to their website is defined as nine generations or less back – and see information and share details about them. Furthermore, 23andMe had not confirmed whether this attack was directed at any specific ethnic group, no matter what the ethnicity of the victims. 

It has been reported in BreachForums that a data sample of "1 million Ashkenazi individuals" apparently was breached earlier this week. However, the company claims that it is safe to assume that an individual with just 1% Jewish ancestry can be regarded as Ashkenazi. As 23andMe also notes on its website, individuals with European or Ashkenazi ancestry are more likely than those with Asian or Middle Eastern ancestry to have a lot of matches through the DNA Relatives feature compared to those with other ancestries. 

A major security breach has compromised 23andMe's user profiles and genetic information, which includes names, photos, birthdates, and ethnicities of more than six million 23andMe users. The breach is reportedly a result of the DNA Relatives feature. Despite the fact that 23andMe has yet to confirm whether a specific ethnic group has been targeted by the breach, concerns are raised because the company is investigating the legitimacy of this breach in order to secure user information. Moreover, it is very important for users to keep a watchful eye on their account security settings and to remain vigilant. 
Share it:

23andMe

Cyberattack

CyberCrime

Cybersecurity

Data Breach

Data Leak

DNA