Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Genetic testing company. Show all posts

Hackers Alleged to Have Breached Millions of DNA User Profiles, Offering Data for Sale on the Internet

 

Genetic testing company 23andMe has confirmed a significant cyber attack in which hackers stole and subsequently published or sold data belonging to approximately one million individuals. The breach came to light when the hackers released a database titled "Ashkenazi DNA Data of Celebrities" on dark web forums. 

This database contained details such as display names, gender, birth years, and some information regarding users' genetic ancestry findings. It's worth noting that 23andMe is a US-based biotechnology and genomics firm that provides genetic testing services. Customers send a saliva sample to their labs and receive an ancestry and genetic predispositions report in return.

On underground forums, a post advertising the stolen data boasted of DNA profiles, potentially spanning from influential business figures to figures often mentioned in conspiracy theories. Each profile also included associated email addresses, as per reports.

Although the hacker claimed to possess data related to celebrities like Mark Zuckerberg and Elon Musk, 23andMe has not yet confirmed the veracity of these claims. 

The hacker has proposed selling the data profiles in bulk, with prices ranging from $1 to $10 per account. There are estimates, reported by PCMag, that suggest as many as seven million accounts may be available for sale.

Cybersecurity expert Professor Alan Woodward, based at the University of Surrey, highlighted that the primary value of this breach lies in the personal information that could be exploited in future scams. Details such as names, addresses, and phone numbers could be used to create targeted phishing emails, lending an air of legitimacy to potential scams.

23andMe is treating this breach as genuine and is conducting a thorough investigation into the matter. Scott Hadly, the managing editor at 23andMe, shared that initial findings suggest the login credentials used in these breaches may have been obtained by threat actors from data leaked in incidents involving other online platforms. He emphasized that there is no evidence of a security breach within their own systems.

In a statement, 23andMe affirmed, "We are taking this issue seriously and will continue our investigation to confirm these preliminary results."

''Out of caution, we are requiring that all customers reset their passwords and are encouraging the use of multi-factor authentication (MFA). If we learn that a customer's data has been accessed without their authorization, we will notify them directly with more information,'' the statement added.