23andMe Cyberbreach Exposes DNA Data, Potential Family Ties23andMe Cyberbreach Exposes DNA Data, Potential Family Ties
The information leaked in the breach involves personally identifiable information as well as genetic ancestry data, potential relatives, and geolocations.
October 6, 2023
23andMe, the popular DNA testing company, has launched an investigation after client information was listed for sale on a cybercrime forum this week.
On Oct. 1, a post was published on the forum with a link to a sample of allegedly "20 million pieces of data" from the genetic testing company, claiming that it was "the most valuable data you'll ever see." The first leak included 1 million lines of data, but on Oct. 4, the threat actor began offering bulk data profiles ranging from $1 to $10 per account in batches of 100, 1,000, 10,000, and 100,000 profiles.
The information leaked in the breach includes names, usernames, profile photos, gender, birthdays, geographical location, and genetic ancestry results.
23andMe has confirmed that the data is legitimate and stated that "the threat actors used exposed credentials from other breaches to access 23andMe accounts and steal the sensitive data," meaning that recycled login credentials accessed from other cyber incidents were used to gain access to accounts with the DNA company.
According to other reports of the breach, many of the compromised accounts were those that had opted into the "DNA Relatives" feature available on the 23andMe platform. The threat actor accessed a limited number of accounts and "was able to scrape data associated with potential relatives," company officials said.
The scope of the breach remains unclear, and it is unknown whether the threat actors have been in contact with 23andMe directly.
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
Quantifying the Gap Between Perceived Security and Comprehensive MITRE ATT&CK Coverage
Building Immunity: The 2021 Healthcare and Pharmaceutical Industry Cyber Threat Landscape Report
Managed Security and the 3rd Party Cyber Risk Opportunity Whitepaper