Cybercriminals who hacked into an Ancestry website could use the data to target hundreds of thousands of Britons.
DNA profiling company 23andMe has warned that a hacker known as “Golem” leaked the genetic profiles of 4 million of its users, including data related to the British royal family and dynasties such as the Rothschilds and Rockefellers.
Worryingly, the hacker said the mass release targeted “families serving Zionism,” raising fears that it could target users based on their ethnicity, particularly the Jewish community.
But experts have warned that data from the site and other companies such as AncestryDNA and MyHeritage could be used to target anyone who submitted a £100 swab test.
It is claimed that nefarious criminals could use the information obtained by hacking these websites to blackmail and impersonate users.
23andMe is the leader in the $3 billion genetic testing market. For prices up to $200, customers can take a test that reveals their ethnic origins
Anne Wojcicki, co-founder of 23andMe in 2006, has not yet commented on the alleged data breach
Data on people’s DNA is in high demand on the black market, according to The Street.
Information about people’s ancestry and family relationships could be ripe for blackmail attacks if people have hidden secrets, it says.
In addition, personal information obtained from people’s profiles on the websites, including telephone numbers, addresses, names and dates of birth, could be used to commit fraud and fraud.
The dataset taken from 23andMe includes four million customers with ancestry in the UK, Golem claimed, saying the genetic profiles included “the richest people living in the US and Western Europe”.
Anne Wojcicki, CEO of 23andMe, is said to be worth $850 million and co-founded the company in 2006. She was married to Google co-founder Sergey Brin for eight years and became one of the richest couples in America until their divorce. It has not yet commented on the alleged data breach – but a spokesperson for the company said it is “reviewing the data to determine whether it is legitimate.”
For £99, 23andMe users will receive a kit in the post. They spit into a saliva tube and send it back to a lab. Within three to four weeks, a report detailing DNA and ancestry is generated online through a password-protected account. For £238, DNA will be analyzed for health data including the likelihood of cancer, heart attack and high blood pressure.
Golem has claimed that the stolen detailed DNA profiles included email addresses, photos, gender, date of birth and genetic ancestry. Online posts suggest profiles cost $10 each, or $1 if purchased in blocks of 100,000 – but a portion of 4 million are said to have been leaked online.
“There are samples from hundreds of families, including the Royal Family, the Rothschilds, the Rockefellers and more,” the hacker added, referring to wealthy European and American families, respectively.
A hacker has released millions more genetic profiles stolen from DNA testing company 23andMe, claiming the leaked dataset includes members of the British royal family
Anne Wojcicki, CEO of 23andMe, is said to be worth $850 million and co-founded the company in 2006. She was married to Google co-founder Sergey Brin (pictured together) for eight years until the Silicon Valley power couple divorced
The royal family can be seen in a file photo. A hacker claims to have published DNA from four million people of British descent, including members of the royal family
A Buckingham Palace spokesman did not immediately respond to a request for comment.
What type of data does 23andMe store?
The company 23andMe sells tests that determine a customer’s risk of developing a range of inherited diseases and conditions, including genes linked to diabetes, heart disease and breast cancer.
It was founded in 2006 before being banned in the United States by the Food and Drug Administration (FDA) in 2013.
The service was then reinstated two years later after the FDA approved 23andMe’s DNA testing for 36 diseases, up from the 254 originally advertised.
Using a mailed saliva sample, the company can tell customers whether they are carriers of any of the diseases – including cystic fibrosis and sickle cell anemia – and whether there is a risk of transmitting these diseases to children.
It therefore now has the genetic data of more than 10 million people around the world, including people in the UK.
Activists had previously expressed fears about the “huge cybersecurity implications” of storing such a large data set of private information. These concerns have now come true.
About four million DNA samples have been leaked by a hacker – data that also provides insight into a person’s ancestors and their children.
As one cybersecurity expert put it, “If your computer gets hacked, you can change your passwords.”
“You can’t change your DNA.”
One concerned customer told Web: “I only received one email which made me feel like they had taken care of the matter and there was nothing to worry about.” The last email is over a week ago ago, but now I’ve read what really happened.
“I submitted my DNA to better understand my ancestry. It’s quite versatile, I’m not sharing it for research purposes. So when I find out there’s someone out there using this to look for Jews, I feel sick.”
“23andme needs to immediately update its customers, especially those of Jewish descent.”
At least some of the newly leaked stolen data matches known and public 23andMe user and genetic information, supporting the authenticity of the leak, according to TechCrunch.
“23andme needs to update its customers, especially those of us with Jewish , immediately.”
The hacker accused German Chancellor Olaf Scholz of “serving Zionism” and said the publication affected a third of all profiles with German origins in the stolen database and threatened to publish more profiles if Germany maintained its support for Israel.
Cybersecurity experts had more questions than answers about the apparent breach.
“Little is known about this hack.” Who was responsible? Was their motivation financial or political? Was 23andMe specifically targeted? How did the hacker get the data? Brett Callow, a threat analyst at cybersecurity firm Emsisoft, told .
“We don’t have conclusive answers to any of the questions. “However, it is obvious that sharing your DNA with third parties is not without risk,” he added.
The latest leak follows offers by the hacker to sell stolen DNA profiles and an earlier leak of millions of profiles of people of Jewish and Chinese descent.
“These breaches are becoming more brazen and worrying,” Dimitri Sirota, CEO of data security firm BigID, told .
“They target contextual identifiers such as ethnic group membership.” “This could be used to target campaigns based on ethnicity, race, gender, political affiliation or membership in another group,” he added, saying there were There is concern that cyber breaches could become “hate crimes”.
Golem, the hacker who published the stolen data, apparently initially put the profiles up for sale for $10 per profile, or less if purchased in bulk
The email notifying customers of the data breach
23andMe said it found no system-wide breaches and claimed the data may have been stolen from individual users who reused passwords that had been breached on other sites.
If so, the hackers may have only targeted a limited number of accounts but crawled millions of profiles using the DNA Relatives feature, which 23andMe users can use to find information about family members.
Golem, the hacker who published the stolen data, apparently initially put the profiles up for sale, writing on Wednesday: “I would like to remind you that even the data I share here is extremely valuable.”
But the hacker in the latest leaks sounded more politically motivated, lashing out at Israel and citing a recent explosion at a hospital in Gaza that killed hundreds of people as his motive for releasing the new genetic profiles.
Palestinians blame Israel for the explosion, while Israel says the hospital was hit by a misfired rocket fired by militants in the Gaza Strip.
“I’m not Muslim, but I can barely stop myself from uploading hundreds of them.” [terabytes] “The data was torrented because the despicable Israel attacked the hospital,” Golem wrote.
23andMe said in a statement on Wednesday: “We recently learned that certain profile information – which a customer created and chose to share with their genetic relatives in the DNA Relatives feature – was accessed from individual 23andMe.com accounts without their permission .
“We immediately began an investigation and currently have no indication that there was a data security incident in our systems or that 23andMe was the source of the account credentials used in these attacks.”
“Our investigation shows that the threat actor was able to access certain customer accounts in cases where users recycled credentials – that is, usernames and passwords used on 23andMe.com were the same as those used on other sites, that were previously hacked.”
“We have since notified customers and implemented additional security measures, including requiring all accounts to undergo a password reset and recommending that customers enable multi-factor authentication.” We are working with third-party forensic experts as part of our ongoing investigation as well as with federal law enforcement authorities.
“Today we were informed that the threat actor involved in this investigation has reportedly released additional customer DNA relative profile information.” We are currently reviewing the data to determine whether it is legitimate.
“Our investigation is ongoing and if we learn that a customer’s data has been accessed without their authorization, we will notify them directly with further information.”
23andMe is the leader in the $3 billion genetic testing market. For prices up to $200, customers can take a test that reveals their background and also identifies gene variants linked to diseases such as Alzheimer’s and Parkinson’s.