Hackers are reportedly selling the data of users obtained from the genetic database of 23andMe. BleepingComputer just reported that hackers made use of the stolen credentials and one of the very own features of 23andMe in finding and scraping data from millions of accounts.
Hackers Selling the Data of Users
23andMe in a blog post that was made yesterday stated that data from users of its genetic testing and analysis platform has been circulating on dark web forums after hackers reportedly utilized recycled logins to gain unrestricted access to get into several accounts. BleepingComputer on Thursday wrote that a hacker in question leaked what they stated was “1 million lines of data” for Ashkenazi Jewish people before stating that they would sell stolen 23andMe data for $1 – $10 per account. The data as you should know is inclusive of the names, profile photos, genetic ancestry results, date of birth, and geographical location of users.
The Company Has Confirmed the Legitimacy of the Stolen Data
The firm reportedly confirmed to BleepingComputer that the data in question that was stolen is legitimate in a statement that it also shared in an email to The Verge. 23andMe managing editor Scott Hadly in the statement, wrote that “the preliminary results of this investigation suggest that the login credentials used in these access attempts may have been gathered by a threat actor from data leaked during incidents involving other online platforms where users have recycled login credentials.” He also added that there was no indication of “a security incident within our systems.” BleepingComputer reports other users’ data was scraped using one of 23andMe’s own opt-in features, called ‘DNA Relatives”
Content of 23andMe’s Blog Post to Affected Users
The blog post of 23andMe gives links to its much-needed instructions for password resets as well as multi-factor authentication setup. The company also included a link to its privacy and security checkup page and hen stated that users who need help can email its support team directly.
As Many As 7 Million Accounts May Be In the Reported Sale
You should know that as many as 7 million accounts may be in the reported sale, PCMag on Wednesday reported, thus citing a post from Dark Web Informer that reportedly shared screenshots of yet another now-deleted hacker forum post. That is roughly half the total number of users on the platform of 23andMe. And according to ArsTechnica, hackers have claimed that the CEO of 23andMe knew about the leaked data two months prior to the incident but however didn’t disclose the said incident.
MORE RELATED POSTS