23andMe Hacker Leaks New Tranche of Stolen Data
Two weeks after the first data leak from the DNA ancestry service, the threat actor produces an additional 4 million user records they purportedly stole.
A threat actor who claimed responsibility for the compromise of the 23andMe site earlier this month has released a new dataset, including the records of more than 4 million people's genetic ancestry.
The cybercriminal, known by the handle Golem, alleges in a cybercrime Dark Web forum the stolen data includes information on, "the wealthiest people living in the US and Western Europe," according to reports.
23andMe spokesperson Andy Kill said in a statement the organization is still trying to confirm whether the most recently leaked data is genuine.
Prior to this most recent leak, an Oct. 1 post on a Dark Web forum by Golem claimed they have a total of 20 million individual pieces of 23andMe data and leaked 1 million lines of data as a teaser, along with an offer to bulk sell data profiles.
23andMe confirmed in early October that users who opted to share information through its "DNA Relatives" were impacted and suggested the breach was a result of a credential stuffing cyberattack.
"After learning of suspicious activity, we immediately began an investigation," 23andMe's disclosure said. "While we are continuing to investigate this matter, we believe threat actors were able to access certain accounts in instances where users recycled login credentials — that is, usernames and passwords that were used on 23andme were the same as those used on other websites that have been previously hacked."
About the Author(s)
You May Also Like
Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024Why Effective Asset Management is Critical to Enterprise Cybersecurity
May 21, 2024Finding Your Way on the Path to Zero Trust
May 22, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024