[ad_1]
Wired reported that 23andMe customer data was stolen by hackers and posted for sale on BreachForum.
On Friday (October 6), the company confirmed that data had been compromised, but said there had not been a data breach. Instead, the hackers guessed users’ logins and then used DNA Relatives, an opt-in 23andMe feature where users share information with each other to gather more data.
Discord.io Suffers Massive Data Breach, Announces Shutdown
According to Wired, the stolen data appears to be a targeted attack on Ashkenazi Jews, as the hacker who posted the sample data on BreachForum, “claimed to contain more than 1 million data points exclusively about Ashkenazi Jews,” according to Wired. According to. Additionally, the data of hundreds of thousands of Chinese decent users was leaked.
“We were made aware that certain 23andMe customer profile information was compiled through access to individual 23andMe.com accounts,” the company said in a statement to Wired. “We believe the threat actor may have accessed 23andme.com accounts without authorization and obtained information from those accounts, in violation of our Terms of Service.”
Hacker 23andMe is selling data profiles for between $1 and $10 and sample data includes Mark Zuckerberg, Elon Musk, and Sergey Brin. These profiles include name, gender, year of birth, and some additional genetic information. But 23andMe told Wired that, while the data was compromised, the sample data has not been verified by the company.
The method likely used in the leak was “credential stuffing,” a technique where previously compromised credentials are used on other accounts. This is effective because people reuse passwords. 23andMe recommends that users enable two-factor authentication to protect themselves from being hacked.
Titles
Privacy of apps and software
