Comment on this storyComment
A hacker is offering to sell records that identify the names, locations and ethnicity of potentially millions of customers of the genetic testing company 23andMe, initially touting a batch that would contain data on people with Jewish ancestry.
A 23andMe spokeswoman confirmed that the leak contained samples of real data and said the company was investigating. She said it seemed likely that the hacker or his accomplices used a common technique called credential stuffing: taking username-password combinations that were posted or sold after breaches at other companies and trying those combinations to find out which 23andMe -Customers were reused. When the hacker found working logins, he copied all the information provided to legitimate users by their relatives, sometimes hundreds of them per account.
The company said it reported the incident to law enforcement and that this was the first incident of its kind at the company.
The data does not contain genomic details, which are particularly sensitive, but does contain user names, regional locations, profile photos and birth years. Usernames are often something other than full legal names.
23andMe said it encourages users to change their passwords and use two-factor authentication to prevent others from logging in under their name.
Online posts advertising the data for sale on underground forums said buyers could purchase 100 profiles for $1,000 or even 100,000 for $100,000. One post said the person had uploaded a large database of Ashkenazi Jews. The company spokeswoman said this would include people with just 1% Jewish ancestry.
Some posts used the term “golem,” a reference to a humanoid animal in Jewish folk tales.
The data extracted from 23andMe could cover more than half of the company’s 14 million customers. based on the number of people who have chosen to make their data visible to relatives, including distant cousins.
While the reference to Jews was perhaps intended to attract attention and increase the likelihood of transactions, it comes at a time of increasing rhetorical and physical attacks on Jews in the United States. Anti-Semitism has become increasingly prominent on social networks in the past year due to conspiracy theories that blame Jews for illegal immigration, media manipulation or financial misdeeds.