Genetic testing firm 23andMe confirms data sale, launches investigation.
Genetic testing company 23andMe has launched an investigation into a potential data breach after the personal data of millions of users was discovered for sale on the dark web.
A hacker has advertised the personal information of seven million users on an online forum, including details such as origin estimation, phenotype, health information, photos, and identification data.
The post was captured by Dark Web Informer, who shared it on X (formerly known as Twitter) on Oct. 4. The hacker claims that 23andMe’s CEO was aware of the “hack” two months ago and that they obtained “13 million pieces of data.”Another hacker has advertised sample data of one million users with Ashkenazi heritage on a hacking online forum. The hacker later offered to sell data profiles in bulk for $1-$10 per account, according to BleepingComputer. The data includes origin estimations, phenotype information, photos, links to potential relatives, and raw data profiles.In response, 23andMe released a statement acknowledging that certain customer profile information was compiled without authorization, but did not specify the number of affected accounts.
23andMe, a California-based biotechnology company specializing in genetic testing services, allows customers to explore their ancestral origins and medical health.
“Upon discovering suspicious activity, we immediately launched an investigation,” the company stated in a blog post on Oct. 6.“At this time, we have no indication of a data security incident within our systems or that 23andMe was the source of the account credentials used in these attacks,” the company added.
The company suspects that “threat actors” gained access to accounts where users reused login credentials, meaning the passwords used on 23andMe.com were the same as those used on previously compromised websites.
“We believe that the threat actor may have then, in violation of our Terms of Service, accessed 23andMe.com accounts without authorization and obtained information from certain accounts, including information about users’ DNA Relatives profiles, to the extent a user opted into that service,” it explained.
Credential stuffing, the hacking technique used, is one of the reasons why cybersecurity experts advise against using the same password for multiple sites.
Users are urged to reset their passwords or enable multi-factor authentication, which adds an extra layer of security and can prevent unauthorized access through reused passwords. Other Data Breach Cases
This incident follows the exposure of personal data belonging to 1.24 million customers of Australian bookstore chain Dymocks on the dark web. After conducting an internal investigation, Dymocks confirmed that a third-party partner’s systems were accessed on Sept. 18.
However, Dymocks stated that “there is no evidence of unauthorized access to our systems.”
“We are collaborating with the identified partner to determine how their systems were accessed despite their security measures,” said a Dymocks spokesperson.
“While the extent of the breach has not been confirmed, initial indications suggest that passwords and financial information have not been compromised.”
In January, the personal data of 2.6 million users of language-learning platform Duolingo was put up for sale on a hacking forum for $1,500. The data included email addresses, phone numbers, and other details.
Duolingo stated that it is investigating the matter but has not found any evidence of a data breach or hack. The company believes the hacker may have obtained the records by scraping public profile information.
“No data breach or hack has occurred. We take data privacy and security seriously and continue to investigate this matter to ensure the protection of our learners,” the company informed The Record.Isabella Rayner and Reuters contributed to this report.
How can individuals protect their accounts and personal information from potential cyber threats when using online services like 23andMe
“>23andMe is taking this situation very seriously and is taking steps to investigate and address the issue,” the company said in its statement. “We are notifying affected customers and resetting their passwords. We are also enhancing our security measures to prevent similar incidents in the future.”
This incident highlights the importance of safeguarding personal information and the potential risks associated with genetic testing services. While these services can provide valuable insights into ancestry and health, they also involve the sharing of sensitive data that can be targeted by hackers.
It is crucial for individuals to understand the privacy and security measures implemented by genetic testing companies before sharing their personal information. This includes reviewing the company’s data protection policies, understanding how the data will be used and stored, and considering the potential risks and benefits of participating in genetic testing.
Additionally, users should take precautionary measures to protect their accounts and personal information. This includes using unique and strong passwords for each online account, enabling two-factor authentication, and regularly monitoring and reviewing account activity.
Cybersecurity experts also stress the importance of being vigilant for potential phishing attacks and suspicious emails or messages. Hackers may attempt to exploit this incident by sending fraudulent emails or requesting sensitive information, posing as representatives of 23andMe or other companies.
If users receive any suspicious communications, it is advised to independently verify the source and validity of the information before taking any action. This can be done by contacting the company directly through official contact channels or visiting their official website.
In conclusion, the reported data breach at 23andMe raises concerns about the security and privacy of personal information. Genetic testing companies and individuals must prioritize robust security measures and proactive actions to safeguard sensitive data. This incident serves as a reminder for individuals to be cautious and diligent when sharing personal information online and to remain vigilant against potential cyber threats.
As the investigation into the data breach continues, it will be crucial for 23andMe to provide regular updates and transparency to affected users to rebuild trust and demonstrate their commitment to protecting customer data.
" Conservative News Daily does not always share or support the views and opinions expressed here; they are just those of the writer."
