23andMe Hacker Leaks New Tranche of Stolen Data

Two weeks after the first data leak from the DNA ancestry service, the threat actor produces an additional 4 million user records they purportedly stole.

Dark Reading Staff, Dark Reading

October 19, 2023

1 Min Read
23andme office signage
Source: michelmond

A threat actor who claimed responsibility for the compromise of the 23andMe site earlier this month has released a new dataset, including the records of more than 4 million people's genetic ancestry.

The cybercriminal, known by the handle Golem, alleges in a cybercrime Dark Web forum the stolen data includes information on, "the wealthiest people living in the US and Western Europe," according to reports.

23andMe spokesperson Andy Kill said in a statement the organization is still trying to confirm whether the most recently leaked data is genuine.

Prior to this most recent leak, an Oct. 1 post on a Dark Web forum by Golem claimed they have a total of 20 million individual pieces of 23andMe data and leaked 1 million lines of data as a teaser, along with an offer to bulk sell data profiles.

23andMe confirmed in early October that users who opted to share information through its "DNA Relatives" were impacted and suggested the breach was a result of a credential stuffing cyberattack.

"After learning of suspicious activity, we immediately began an investigation," 23andMe's disclosure said. "While we are continuing to investigate this matter, we believe threat actors were able to access certain accounts in instances where users recycled login credentials — that is, usernames and passwords that were used on 23andme were the same as those used on other websites that have been previously hacked."

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights