DNA Testing Service 23andMe Hacked

Uploaded on 2023-10-13 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

On Sunday October 1st, a post on a popular forum where stolen data is traded and sold claimed to have “the most valuable data you’ll ever see” and posted a link to a sample of what was described as “20 million pieces of data” from 23andMe, the DNA genetic testing company. 

The stolen information includes names, usernames, profile photos, gender, birthdays, geographical location, and genetic ancestry results. 

According to sources, a member of an online forum, where stolen data is bought and sold, says that it will be selling a massive amount of user data obtained from 23andMe. The  company is currently investigating to verify the actual amount of customer data stole and how much of their customers' data has already been offered for sale on a cyber crime forum. 

The first leak included 1 million lines of data, but on Oct. 4, the threat actor began offering bulk data profiles ranging from $1 to $10 per account in batches of 100, 1,000, 10,000, and 100,000 profiles. In a statement to CyberScoop, 23andMe said it was made aware that “certain 23andMe customer profile information was compiled through unauthorised access to individual 23andMe.com accounts” but that there is no “indication at this time that there has been a data security incident within our systems.”

The company said its preliminary investigation indicated that an attacker may have compiled login credentials leaked from other platforms and then recycled these credentials to access the accounts of 23andMe customers who had used the same username and password combination.

Management said the information obtained may have included users’ display name, profile photo, profile sex, birth year, location, predicted relationships to their match, the percent DNA match and number of shared genetic segments and portions of their genetic ancestry results, including haplogroups, which provide information about ancestry. 

23andMe has confirmed that the data is legitimate and stated that "the threat actors used exposed credentials from other breaches to access 23andMe accounts and steal the sensitive data," meaning that recycled login credentials accessed from other cyber incidents were used to gain access to accounts with the DNA company.

23andMe:    Cyberscoop:      Dark Reading:    Techcrunch:    Axios:   Bitdefender

You Might Also Read: 

NATO Secret Missile Data Found On The Dark Web:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« IoT Security Needs A Human Touch 
British Legislators Want To Ban Live Facial Recognition »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Cyber Security Recruiters

Cyber Security Recruiters

Cyber Security Recruiters is a niche recruiting firm who finds impact players for our clients in the Information Security Space.

Celare

Celare

Celare delivers DPI based network perimeter monitoring solutions with integrated Big Data security analytics and threat detection.

Trusted CI

Trusted CI

Trusted CI, the NSF Cybersecurity Center of Excellence is comprised of cybersecurity experts who have spent decades working with science and engineering communities.

Elysium Analytics

Elysium Analytics

Elysium Cognitive Security Analytics delivers the latest and most flexible security system to reduce cost and complexity while providing unmatched scalability.

JM Search

JM Search

JM Search’s Information Technology Executives Practice sources the most sought-after technology roles including CIO, CTO, CISO, CDO and other senior posts.

TriagingX

TriagingX

TriagingX successfully created the first generation malware sandbox that is being used by many Fortune 500 companies for daily malware analysis.

Stronghold Cyber Security

Stronghold Cyber Security

Stronghold Cyber Security is a consulting company that specializes in NIST 800, the Cybersecurity Framework and the Cybersecurity Maturity Model Certification.

Tetrate.io

Tetrate.io

Tetrate Service Bridge provides enterprises with a consistent, unified way to connect and secure services across an entire mesh-managed environment.

Cyber Security Works (CSW)

Cyber Security Works (CSW)

Cyber Security Works is your organization’s early cybersecurity warning system to help prevent attacks before they happen.

WinMagic

WinMagic

At WinMagic, we’re dedicated to making authentication and encryption solutions that protect data without causing user friction so that everyone can work freely and securely.

Google Safety Engineering Center (GSEC)

Google Safety Engineering Center (GSEC)

GSEC Málaga is an international cybersecurity hub where Google experts work to understand the cyber threat landscape and to create tools that keep users around the world safer online.

Focus Group

Focus Group

Focus Group are one of the UK’s leading independent providers of essential business technology. Here to take care of all your telecoms, IT and connectivity services.

SOCRadar

SOCRadar

SOCRadar is an Extended Threat Intelligence (XTI) SaaS platform that combines External Attack Surface Management (EASM), Digital Risk Protection Services (DRPS), and Cyber Threat Intelligence (CTI).

Prequel

Prequel

Prequel is your real-time problem detection and resolution platform, powered by the global reliability community.

Harness

Harness

Harness delivers an end-to-end software delivery platform that helps engineering teams achieve the highest levels of engineering excellence.

Synergy Quantum

Synergy Quantum

Synergy Quantum has pioneered a proprietary suite of military-grade, quantum-secure communication technologies.