OAN’s Elizabeth Volberding
6:00 PM – Thursday, October 19, 2023
23andMe, a popular genetics testing company, recently confirmed that data from its users has been hacked and the company is now in the process of investigating the breach.
Advertisement
It has been reported that a few million data points from the 23andMe user accounts have been revealed on Breach Forums, a cybercrime marketplace, leaking a trove of user information which was stolen from the company’s subset of data.
23andMe is a well-known biotechnology company that breaks down ancestry history, providing DNA testing services, family history information, and personalized health insights.
Hackers posted the data on Breach Forums, claiming that it contains 1 million genetic data points “solely from Ashkenazi Jews.” There were also hundreds of thousands of users of Chinese nationality who were affected by the leak.
The hackers’ specific reference of “Ashkenazi Jews” alarmed many Jewish individuals, particularly in light of the ongoing conflict between Israel and Hamas and the increasing prevalence of anti-Semitism.
On Wednesday, the unnamed hackers started selling 23andMe profiles. Depending on the purchase amount, each user profile costs anywhere from $1 to $10.
A person’s display name, sex, birth year, and additional information regarding their genetic ancestry—such as whether they are, for example, “broadly European” or “broadly Arabic”—are among the elements included in the data.
“Credential stuffing never really went away and a lot of it just comes down to the fact that humans reuse their passwords—that’s what makes it possible,” said Ronnie Tokazowski, a digital scams researcher. “And the fact that it’s claiming to target a Jewish population or celebrities—it’s not shocking. It reflects the underbelly of the internet.”
On Tuesday, a hacker who goes by the name of “Golem” published new data of 23andMe information containing user ancestry details. This leak contained about four million records from private user data and was shared on the cybercrime forum.
Golem claimed that the dataset also holds details on people who come from Great Britain, including information from “the wealthiest people living in the U.S. and Western Europe on this list.”
However, the genetic testing company has informed the public that it is in the process of working to verify the data.
Andy Kill, a 23andMe spokesperson, made an announcement in an emailed statement regarding the recent leak. Kill stated that the company is in the process of “reviewing the data to determine if it is legitimate.”
23andMe stated that hackers had retrieved some user data via “credential stuffing.” This means that a common strategy hackers use is to try combinations of usernames or emails and corresponding passwords that have previously been made public from external data breaches.
Therefore, 23andMe has since encouraged users to change their passwords and have been prompted to switch on multi-factor authentication.
Stay informed! Receive breaking news blasts directly to your inbox for free. Subscribe here. https://www.oann.com/alerts
Advertisement
By: OAN
