Hackers accessed 23andMe user data online. 23andme
- User data from 23andMe accounts was leaked and put up for sale on a dark web forum.
- Hackers likely collected the data using leaked customer credentials for other platforms and services.
- A spokesman for 23andMe said there was no evidence that data security was guaranteed in its systems.
Hackers who claim to have access to the names, photos, birthdates and ethnicities of potentially millions of 23andMe customers are selling the information for thousands of dollars on the dark web.
According to 23andMe, the data appears to have come from user credentials exposed in previous data breaches, and the company’s security systems were not breached.
“The preliminary results of this investigation indicate that the credentials used in these access attempts may have been collected by a threat actor from data leaked in incidents involving other online platforms where users recycled credentials,” a company spokesperson said told Insider. In other words, the hackers planted leaked username-password combinations into 23andMe accounts using a technique known as credential stuffing.
The company first became aware of the attack through a post on Reddit, which appears to have been removed from the platform. Since then, hackers have started hawking the data on cybercrime marketplace BreachForums.
An anonymous seller advertised on BreachForums earlier this week that the data contained “DNA profiles of millions of people, from the world’s biggest business tycoons to dynasties often whispered about in conspiracy theories,” noting that each data set also included “relevant email addresses,” based on a repost of the ad on The company is headed by Anne Wojcicki – sister of former YouTube CEO Susan Wojcicki and ex-wife of Sergey Brin.
And the seller offered profile packages starting at $1,000 for 100 profiles, going up to $100,000 for 100,000 profiles, and noted that it would offer the flexibility of payment in stages with any bulk purchase of 10,000 profiles.
In another post on BreachForums, also on The company, which has a total of 14 million users, has yet to confirm the number of compromised user accounts and also noted that no raw genetic data was shared.
Based on the results of its preliminary investigation, the company believes that the hackers gained access to a much smaller number of user accounts, but they managed to access the data of several other 23andMe users using a feature called DNA Relatives. The feature allows users to connect with and view information about other users with whom they have shared a “recent ancestor” – which they define on their website as being less than nine generations ago.
23andMe also did not confirm whether the attack targeted a specific ethnic group. A post on BreachForums earlier this week touted the data sample as a “1 million Ashkenazi database,” although according to the company, a person could be classified as an Ashkenazi Jew even if they have only 1% Jewish ancestry. People of European or Ashkenazi ancestry are likely to have many matches with people of Asian or Middle Eastern ancestry through the DNA Relatives feature, 23andMe also notes on its website. “Hundreds of thousands of users of Chinese descent” could also be affected by the leak, Wired reported.
23andMe, founded in 2006, caused a stir with its saliva tests that could test genetics, ancestry and inherited traits. The company, which shares anonymized user data with third parties with their consent, requires users to enable multi-factor authentication to prevent further attacks.
NOW WATCH: Popular Videos from Insider Inc.
Is loading…