DNA Testing Service 23andMe Hacked

On Sunday October 1st, a post on a popular forum where stolen data is traded and sold claimed to have “the most valuable data you’ll ever see” and posted a link to a sample of what was described as “20 million pieces of data” from 23andMe, the DNA genetic testing company. 

The stolen information includes names, usernames, profile photos, gender, birthdays, geographical location, and genetic ancestry results. 

According to sources, a member of an online forum, where stolen data is bought and sold, says that it will be selling a massive amount of user data obtained from 23andMe. The  company is currently investigating to verify the actual amount of customer data stole and how much of their customers' data has already been offered for sale on a cyber crime forum. 

The first leak included 1 million lines of data, but on Oct. 4, the threat actor began offering bulk data profiles ranging from $1 to $10 per account in batches of 100, 1,000, 10,000, and 100,000 profiles. In a statement to CyberScoop, 23andMe said it was made aware that “certain 23andMe customer profile information was compiled through unauthorised access to individual 23andMe.com accounts” but that there is no “indication at this time that there has been a data security incident within our systems.”

The company said its preliminary investigation indicated that an attacker may have compiled login credentials leaked from other platforms and then recycled these credentials to access the accounts of 23andMe customers who had used the same username and password combination.

Management said the information obtained may have included users’ display name, profile photo, profile sex, birth year, location, predicted relationships to their match, the percent DNA match and number of shared genetic segments and portions of their genetic ancestry results, including haplogroups, which provide information about ancestry. 

23andMe has confirmed that the data is legitimate and stated that "the threat actors used exposed credentials from other breaches to access 23andMe accounts and steal the sensitive data," meaning that recycled login credentials accessed from other cyber incidents were used to gain access to accounts with the DNA company.

23andMe:    Cyberscoop:      Dark Reading:    Techcrunch:    Axios:   Bitdefender

You Might Also Read: 

NATO Secret Missile Data Found On The Dark Web:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« IoT Security Needs A Human Touch 
British Legislators Want To Ban Live Facial Recognition »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Systancia

Systancia

Systancia offer solutions for the virtualization of applications and VDI, external access security, Privileged Access Management (PAM), Single Sign-On (SSO) and Identity and Access Management (IAM).

qSkills

qSkills

QSkills is an independent training provider specialized high-quality IT and IT management training courses including IT security.

Xcina Consulting (XCL)

Xcina Consulting (XCL)

Xcina Consulting provides high quality business and technology risk assurance and advisory services.

National Cyber Summit (NCS)

National Cyber Summit (NCS)

The National Cyber Summit is the preeminent event for cyber training, education and workforce development aimed at protecting our nation's infrastructure from the ever-evolving cyber threat.

Computer Forensics Consult (CFC)

Computer Forensics Consult (CFC)

Computer Forensics Consult provides disaster recovery, computer forensics, electronic discovery and litigation support services in the growing area of Cyber Security.

IBLISS Digital Security

IBLISS Digital Security

How cyber-resilient is your business now? We help companies to continuously answer this never-ending C-level question.

Scythe

Scythe

SCYTHE is a next generation red team platform for continuous and realistic enterprise risk assessments.

Veridium

Veridium

Veridium is a leader in single step - multi factor biometric authentication, designed to safeguard enterprises’ most critical assets.

MicroSec

MicroSec

MicroSec is a company specializing in IoT security. We focus on bringing enterprise grade security to IoT and embedded systems.

Packetlabs

Packetlabs

Packetlabs specializes in penetration testing services and application security.

BriskInfosec Technology & Consulting

BriskInfosec Technology & Consulting

BriskInfosec provides information security services, products and compliance solutions to our customers.

Myota

Myota

Myota intelligently equips each file to be resilient and achieve Zero Trust-grade protection. Withstand ransomware and data breach attacks. Reduce data restoration time and effort.

Anjuna Security

Anjuna Security

Software from Anjuna Security effortlessly enables enterprises to safely run even their most sensitive workloads in the public cloud.

ABPCyber

ABPCyber

ABPCyber offers holistic cybersecurity solutions spanning DevSecOps, advisory and consultancy, designing and integration, managed operations, and cybersecurity investment optimization.

Cribl

Cribl

Cribl, the Data Engine for IT and Security, empowers organizations to transform their data strategy.

Lupasafe

Lupasafe

Lupasafe is a software for businesses to see IT risks and insights, and provide vital training for employees.