Image Credits: Paul Morris/Bloomberg via Getty Images / Getty Images
23andMe, a well-known company that tests people's DNA, is looking into another possible data leak. Reports from TechCrunch and The Verge tell us that a hacker called "Golem" says they have leaked 4 million genetic profiles. These profiles are said to belong to people living in Great Britain, the U.S., and Western Europe. This comes after an earlier leak this month when Golem said they had stolen 1 million genetic data lines from 23andMe.
The data was leaked on a website known for hacking, called BreachForums. But 23andMe has not yet confirmed if the data is real. Katie Watson, the company's vice president of communications, said, "Our investigation is ongoing, and if we learn that a customer’s data has been accessed without their authorization, we will notify them directly with more information."
Earlier in the month, 23andMe confirmed that data from a previous leak was real and had affected a feature on their platform called 'DNA Relatives'. This feature lets users find potential family members within the 23andMe user base. At that time, there were no signs of a security issue within their systems. This led to the belief that hackers got into users' accounts using login details exposed in other breaches.
The recent leak also seems to involve the DNA Relatives feature. This could allow the hacker to gather information about the relatives that an account has matched with. The company has asked users to change their passwords and has suggested they turn on multi-factor authentication.
This incident is thought to have started several months ago when a hacker on another cybercrime forum, Hydra, advertised a set of 23andMe user data. However, many things about this incident are still unclear - like the exact method used by the hackers, how much user data was stolen, and what the hackers plan to do with this data.
The company has stressed that it does not see evidence of its systems being hacked. It also suggested users use strong, unique passwords and turn on two-factor authentication. This can prevent attackers from getting into their individual accounts using login details exposed in other data breaches.
"We were made aware that certain 23andMe customer profile information was compiled through access to individual 23andMe.com accounts," the company said in a statement. "We believe that the threat actor may have then, in violation of our terms of service, accessed 23andme.com accounts without authorization and obtained information from those accounts."
We still don't know the full extent of this data leak. As we wait for more updates from the company, users are advised to change their passwords and turn on multi-factor authentication for added security.
“This blog was written by the Activated Solutions team. If you are a business owner or an individual concerned about your cybersecurity, it's time to take action. Activated Solutions can help you to protect your business and personal data from potential cyber threats.
Contact Activated Solutions today to learn more about how they can help you protect your business. With our expertise and commitment to cybersecurity, you can have peace of mind knowing that you are taking proactive steps to protect yourself and your business from potential data breaches.
For more information, please visit: activatedsolutions.ca.”
Sources:
Bicchierai, Lorenzo Franceschi. “Hacker Leaks Millions More 23andme User Records on Cybercrime Forum ...” TechCrunch, 18 Oct. 2023, techcrunch.com/2023/10/18/hacker-leaks-millions-more-23andme-user-records-on-cybercrime-forum/.
Roth, Emma. “23andMe Says It’s Looking into Another Possible Data Leak.” TheVerge, 19 Oct. 2023, www.theverge.com/2023/10/19/23923861/23andme-possible-data-leak-hack.
Newman, Lily Hay. 23andMe User Data Stolen in Targeted Attack on Ashkenazi Jews, 6 Oct. 2023, www.wired.com/story/23andme-credential-stuffing-data-stolen/.
Comments