DNA Testing Service 23andMe Hacked

Uploaded on 2023-10-13 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

On Sunday October 1st, a post on a popular forum where stolen data is traded and sold claimed to have “the most valuable data you’ll ever see” and posted a link to a sample of what was described as “20 million pieces of data” from 23andMe, the DNA genetic testing company. 

The stolen information includes names, usernames, profile photos, gender, birthdays, geographical location, and genetic ancestry results. 

According to sources, a member of an online forum, where stolen data is bought and sold, says that it will be selling a massive amount of user data obtained from 23andMe. The  company is currently investigating to verify the actual amount of customer data stole and how much of their customers' data has already been offered for sale on a cyber crime forum. 

The first leak included 1 million lines of data, but on Oct. 4, the threat actor began offering bulk data profiles ranging from $1 to $10 per account in batches of 100, 1,000, 10,000, and 100,000 profiles. In a statement to CyberScoop, 23andMe said it was made aware that “certain 23andMe customer profile information was compiled through unauthorised access to individual 23andMe.com accounts” but that there is no “indication at this time that there has been a data security incident within our systems.”

The company said its preliminary investigation indicated that an attacker may have compiled login credentials leaked from other platforms and then recycled these credentials to access the accounts of 23andMe customers who had used the same username and password combination.

Management said the information obtained may have included users’ display name, profile photo, profile sex, birth year, location, predicted relationships to their match, the percent DNA match and number of shared genetic segments and portions of their genetic ancestry results, including haplogroups, which provide information about ancestry. 

23andMe has confirmed that the data is legitimate and stated that "the threat actors used exposed credentials from other breaches to access 23andMe accounts and steal the sensitive data," meaning that recycled login credentials accessed from other cyber incidents were used to gain access to accounts with the DNA company.

23andMe:    Cyberscoop:      Dark Reading:    Techcrunch:    Axios:   Bitdefender

You Might Also Read: 

NATO Secret Missile Data Found On The Dark Web:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« IoT Security Needs A Human Touch 
British Legislators Want To Ban Live Facial Recognition »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ACIS Professional Center

ACIS Professional Center

ACIS provides training and consulting services in the area of information technology, cybersecurity, IT Governance, IT Service management, information security and business continuity management.

InfoSec People

InfoSec People

InfoSec People is a boutique cyber and technology recruitment consultancy, built by genuine experts.

Korea Internet & Security Agency (KISA)

Korea Internet & Security Agency (KISA)

KISA is committed to improving the competitiveness, reliability and security of Internet information and knowledge in Korea.

Zanasi & Partners

Zanasi & Partners

Zanasi & Partners is a security research and advisory company active in the EU and MENA areas. Services focus on technology solutions.

Entreda

Entreda

Entreda offers a unified platform to automate cybersecurity and compliance policy enforcement for your devices, users, networks, applications.

At-Bay

At-Bay

At-Bay offer an end-to-end solution to cyber risk with comprehensive risk assessment, a tailored cyber insurance policy and year-long, active, risk-management service.

Jobsite

Jobsite

Jobsite is an award winning job board in the UK providing job listings in the key sectors of IT, Engineering and Finance.

Ergo

Ergo

Ergo is a world-class IT Partner of choice, leveraging the latest technology available in cloud, mobility, big data, analytics, and social media.

MyDocSafe

MyDocSafe

MyDocSafe is an all-in-one document security and e-sign software.

NightDragon

NightDragon

NightDragon is a venture capital firm investing in innovative growth and late stage companies within the cybersecurity, safety, security, and privacy industry.

Amidas Hong Kong

Amidas Hong Kong

Amidas is your trusted companion on the road to Digital Transformation. We provide a full range of Information Technology Solutions and Professional Services to Enterprise customers.

Prima Cyber Solutions (PCS)

Prima Cyber Solutions (PCS)

Prima Cyber Solutions is focused on protecting your business from the massive and devastating impacts that cyber-attacks may cause.

CryptoDATA

CryptoDATA

CryptoDATA develops products and services based on Blockchain technology, that ensure user security and data encryption, applicable in various fields.

L&T Technology Services (LTTS)

L&T Technology Services (LTTS)

L&T Technology Services Limited (LTTS) is a global leader in Engineering and R&D (ER&D) services.

BBS Technology

BBS Technology

BBS Technology is a company that develops and delivers next-generation cyber security technologies worldwide.

Cynclair

Cynclair

Cybersecurity is a complex beast. And we're the beast-tamers. Our team thrives on deciphering the latest threats, building cutting-edge defenses, and making your digital world much safer.