The epoch times

Genetic testing firm 23andMe confirms data sale, launches investigation.

Genetic testing ‍company 23andMe has‍ launched an investigation into a potential data breach after the personal data of millions of users was​ discovered ⁢for ‍sale on the dark web.

A hacker has advertised the personal information⁤ of seven million users on an online⁢ forum, including details such as origin ‌estimation, phenotype, health ​information, photos, and identification data.

The post ​was​ captured by Dark Web Informer, who shared ⁤it on X (formerly known as Twitter) on Oct. ‌4. The hacker claims that 23andMe’s CEO was aware of the “hack” two months ago and that they ⁣obtained “13 million pieces of data.”
Another⁤ hacker ⁢has advertised sample data of‍ one million ‍users⁣ with Ashkenazi heritage on a hacking online forum. ⁤The hacker later offered to sell data profiles in bulk for ‌$1-$10 per account,⁢ according to BleepingComputer. The data includes origin estimations, phenotype information, photos, links to potential relatives, and raw data profiles.

In response, 23andMe released a⁤ statement acknowledging that certain customer​ profile information⁢ was‍ compiled without authorization, but did not specify the number of affected ​accounts.

23andMe, a California-based ‍biotechnology company specializing in genetic testing services, allows customers to explore their ancestral origins and ‌medical health.

“Upon discovering suspicious activity, we immediately launched an investigation,” the⁣ company stated in a blog post on Oct. 6.

“At this time, we have no indication of a ⁢data security ‌incident within⁤ our systems or that 23andMe was the source of the account credentials used in these attacks,” the company added.

The company suspects that “threat actors” gained access to accounts where users reused⁣ login credentials, meaning the passwords ‍used on 23andMe.com were the same as those used on previously compromised websites.

“We believe that the threat actor may have⁣ then, in violation of our ​Terms‍ of Service, accessed 23andMe.com accounts without authorization‍ and obtained information from certain‌ accounts, including information about users’ DNA Relatives profiles, to the extent a user opted into⁢ that service,” ‌it explained.

Credential stuffing, the hacking technique used, is one of the reasons why cybersecurity⁢ experts advise against using the same password for multiple⁢ sites.

Users are urged⁤ to⁣ reset​ their⁤ passwords or enable multi-factor authentication, which adds an extra layer of security and can prevent unauthorized access through reused passwords. ​

Other Data Breach Cases

⁤ This incident follows the exposure of personal data belonging to 1.24 million customers of Australian bookstore chain Dymocks on the dark web. After conducting an internal investigation, Dymocks confirmed that a third-party partner’s systems were accessed on Sept. 18.

However, Dymocks stated that “there is no‍ evidence of unauthorized access ‍to ⁣our systems.”

“We are collaborating with the identified partner ⁤to determine how their systems ⁢were accessed despite their ‍security measures,” said a Dymocks spokesperson.

“While the extent of the breach has not been confirmed, initial‌ indications suggest⁣ that passwords and financial information have not been compromised.”

In January, the personal data of 2.6 million users of language-learning platform Duolingo was put up ​for sale on a hacking forum for $1,500. The data included email addresses, ⁣phone numbers, and ‌other ⁣details.

Duolingo⁣ stated that it is investigating the⁤ matter‍ but has not found any evidence of a data breach or hack. The company believes the hacker may have obtained the records by scraping public profile information.

“No data breach or hack has occurred. We take data privacy and security ⁣seriously and continue to⁣ investigate‌ this matter to ensure the protection of our learners,” the company informed The Record.
Isabella Rayner and Reuters contributed to this report.

How ‌can individuals⁢ protect their⁤ accounts and personal information⁢ from potential ‍cyber threats when‌ using online services like 23andMe

“>23andMe​ is taking this situation very seriously and is taking steps to investigate and address the issue,” the company ⁤said in its statement. “We⁤ are notifying affected customers and resetting their passwords. We are also enhancing our security measures to prevent similar incidents in the future.”

This incident highlights the importance of safeguarding personal⁢ information and​ the potential risks associated with genetic testing services. While these services can provide valuable insights into ancestry and health, they ​also involve the sharing of sensitive data that can be‌ targeted ‌by hackers.

It is crucial for individuals to understand the ⁢privacy and security measures ⁢implemented by genetic testing companies before sharing their ‌personal information. This⁤ includes reviewing the company’s⁣ data protection policies, understanding how the data will be​ used and stored, and considering ⁣the potential risks and benefits​ of participating ‍in genetic testing.

Additionally, users should⁤ take precautionary measures to protect their accounts and personal information. This includes using unique and strong​ passwords⁤ for each online account, enabling two-factor authentication, and regularly monitoring and reviewing account activity.

Cybersecurity experts ‌also stress the importance⁢ of being vigilant for potential phishing attacks and suspicious emails or messages. Hackers⁣ may attempt to exploit this incident by sending fraudulent emails or requesting sensitive information, posing as ⁣representatives of 23andMe or other companies.

If users‌ receive any suspicious communications, it is advised to independently verify the source and validity of the information before taking any action. This can be done by contacting the company directly through official contact channels or visiting their​ official website.

In conclusion, the⁣ reported data ‌breach at 23andMe raises concerns about‌ the security and ⁤privacy of⁤ personal information. Genetic testing companies ​and individuals must prioritize robust security measures and proactive⁣ actions to safeguard ‍sensitive data. This incident serves as a reminder for⁣ individuals to ⁤be cautious and‌ diligent when​ sharing personal information⁣ online and ‍to remain⁤ vigilant against potential cyber threats.

As‌ the​ investigation into⁢ the data breach continues, it will be crucial for 23andMe to provide regular updates and transparency to affected users to rebuild⁤ trust and demonstrate ‍their commitment to protecting customer data.



" Conservative News Daily does not always share or support the views and opinions expressed here; they are just those of the writer."
*As an Amazon Associate I earn from qualifying purchases

Related Articles

Sponsored Content
Back to top button
Available for Amazon Prime
Close

Adblock Detected

Please consider supporting us by disabling your ad blocker