HQ/EMEAFind out how we can help your business
A threat actor added about 4.1 million stolen information from 23andMe genetic data profiles owned by Great Britain and German individuals in its leak site.
This incident followed a previous leak involving 1 million Ashkenazi Jews who had employed 23andMe for ancestry and genetic information. The company revealed that these breaches occurred through credential stuffing attacks by targeting their accounts with weak passwords or credentials exposed in previous data breaches. However, the company maintains no evidence of a security breach in its IT systems.
Although 23andMe claimed that only a limited number of accounts had suffered compromise, users that opted into the ‘DNA Relatives’ feature could enable the threat actor to access troves of data.
Subsequently, the same threat actor released an additional 4.1 million data profiles of individuals from Great Britain and Germany on the BreachForums hacking forum. This new leak includes 4,011,607 lines of 23andMe data for Great Britain residents.
The 23andMe hack could affect the most prominent names worldwide.
The 23andMe attackers have claimed that the stolen data includes genetic information about important and controversial individuals, such as royal family members, the Rothschilds, and the Rockefellers. However, the accuracy of these claims remains unverified, and the hackers have commented that “the wealthiest people living in the US and Western Europe” are present on the leaked list.
Furthermore, the same hacker has exposed an additional CSV file that contains 23andMe data from 139,172 individuals residing in Germany. On the other hand, the leakers sold some of the 23andMe data on the now-defunct Hydra hacking forum in August 2023, where the threat actor declared possession of 300 terabytes of stolen data.
Researchers believe that further data leaks could happen since the threat actors claim to have acquired a substantial amount of alleged stolen data and continue to generate interest in numerous buyers.
23andMe’s statement indicates that only a small portion of customer accounts have landed in the hackers’ possession, but using the DNA Relatives feature expanded the scope of this data breach.
These breaches have resulted in multiple lawsuits against 23andMe after the claimants asserted that the company did not manage their customer data well and did not provide adequate details about the breach.
