23andMe, a well-known genetics company, confirmed that a credential-stuffing attack had compromised users’ data. The company has verified that the stolen information currently circulates on hacker forums.
The affected entity is a United States-based biotechnology and genomics firm that offers genetic testing services to customers who submit saliva samples to its laboratories in exchange for ancestry and genetic predisposition reports.
An unknown threat group has claimed that they have leaked the stolen data from 23andMe.
According to reports, an unidentified hacker group leaked data allegedly stolen from a genetics firm, which could be 23andMe. The origin of the stolen data became more apparent after the attackers offered to sell data packs linked to 23andMe customers.
Initially, the leaked data was limited to 1 million data lines related to Ashkenazi individuals. However, the threat actor offered to sell data profiles in bulk, pricing them at $1 to $10 per 23andMe account.
A company representative confirmed the legitimacy of the information and explained that the threat actors utilised exposed credentials acquired from previous campaigns to obtain access to their company’s accounts and steal sensitive information.
The company also stated that it has yet to find evidence of a data security incident in its systems. Still, the initial findings from its investigation show that the login credentials used in the access attempts came from previous incidents involving other online platforms, where users had reused their login credentials.
The confirmed exposed information from this incident includes full names, usernames, profile pictures, gender, date of birth, genetic ancestry results, and geographical location. Furthermore, investigations discovered that the number of accounts sold by the cybercriminal does not necessarily match the number of 23andMe accounts that suffered compromise using exposed credentials.
The affected accounts had opted into the platform’s ‘DNA Relatives’ feature. This feature enables users to identify genetic relatives and connect with them. This detail shows why opting into certain features deserves care, since doing so could lead to unforeseen privacy implications.
Therefore, the company has urged users to adopt 2FA as an added layer of account security and advised them to change their passwords regularly, underscoring the importance of using strong and unique credentials for each online account.