Hackers accessed a ‘significant number’ of 23andMe users’ ancestry information.

On Friday, 23andMe disclosed that hackers breached 14,000 client accounts.


After investigating the incident, the company told the SEC on Friday that hackers had accessed 0.1% of its customer base. According to its most recent annual financial report, 23andMe has “more than 14 million customers worldwide,” which puts 0.1% at about 14,000.

By accessing those accounts, the hackers also gained access to “a significant number of files containing profile information about other users’ ancestry that such users chose to share when opting into 23andMe’s DNA Relatives feature.”

The company did not say how many files that “significant number” represents or how many of these “other users” were affected.

23andMe did not reply to a request for comment on those statistics.

23andMe announced in early October that hackers had obtained some customers’ data via “credential stuffing,” a common cybercrime technique in which attackers access a victim’s account using a known password, possibly one stolen from another provider.

The harm extended beyond the customers whose accounts were accessed. 23andMe offers an opt-in feature called DNA Relatives, and if users opt in, 23andMe shares their data with other users. By accessing one victim’s account, hackers could therefore view the personal data of people connected to that victim.

In its statement, 23andMe said that the stolen data for the first 14,000 users “generally included ancestry information, and, for a subset of those accounts, health-related information based upon the user’s genetics.” For the other users, 23andMe said only that the hackers obtained “profile information” and posted “certain information” online.

TechCrunch compared the stolen data with public genealogy records, including those on hobbyist and genealogy websites. Although the data sets were organized differently, they contained some of the same unique user and genetic information as genealogy records published online years earlier.

TechCrunch said that the owner of one genealogy website has roughly 5,000 relatives discovered through 23andMe and that the “correlations might take that into account.”

In October, hackers posted the alleged data of one million users of Ashkenazi Jewish descent and 100,000 Chinese users on a popular hacking site. Two weeks later, the same hacker offered four million additional user records. The hacker asked for $1–$10 for victim information.

TechCrunch reported that another hacker on a separate site had advertised even more stolen customer data two months before news outlets reported on it in October. In that first advertisement, the hacker offered 300 gigabytes of stolen 23andMe customer data, demanding $50 million, or $1,000–$10,000 for a portion of it.

On October 10, after the data leak, 23andMe compelled users to reset and update their passwords and enable multi-factor authentication. According to the filing, on November 6 the company mandated two-step authentication for all customers.

After the 23andMe incident, Ancestry and MyHeritage required two-factor verification.
