23andMe Users' DNA Data Stolen

12278611098?profile=RESIZE_400xMy question is, “Who has not stolen my personal information?”  Equifax, Home Depot, Target, Anthem, and the OPM have already lost my PII.  I recently declined an invitation to register with ID.me, https://www.id.me .  ID.me is an American online identity network company that allows people to provide proof of their legal identity online. ID.me digital credentials can be used to access government services, healthcare logins, or discounts from retailers.  This potential theft will allow an unknown person to verify that they are me.

In a recent and alarming incident, famous genetic testing company 23andMe fell victim to a data breach, compromising the sensitive information of millions of its users.  The breach came to public attention when a cybercriminal claimed to possess a substantial amount of customer data from 23andMe, boasting about selling "the most valuable data you'll ever see."  The data reportedly included details from users who had opted into the company's "DNA Relatives" service, allowing individuals to connect with genetic relatives and delve into their family histories.[1]

According to reports, the attackers accessed individual accounts through credential-stuffing techniques.  This method involves using login credentials leaked from other online platforms to gain unauthorized access to user accounts where individuals have reused the same usernames and passwords.

The compromised accounts were those enrolled in the "DNA Relatives" feature, inadvertently revealing unexpected privacy consequences associated with such services.  The stolen information reportedly included users' display names, profile photos, gender, birth years, geographical locations, predicted relationships to genetic matches, the percentage of DNA matches, the number of shared genetic segments, and details about genetic ancestry, such as haplogroups.  A haplotype is a group of alleles, an allele is a variation of the same sequence of nucleotides at the same place on a long DNA molecule in an organism that is inherited together from a single parent, and a haplogroup is a group of similar haplotypes that share a common ancestor with a single-nucleotide polymorphism mutation.

One particularly troubling aspect of the 23andMe data breach was the targeting of specific ethnic groups, notably Ashkenazi Jews.   The cybercriminals behind the breach released an initial data sample containing 1 million data points exclusively about Ashkenazi Jews, indicating a deliberate focus on this particular community.

This targeting raises severe concerns about the potential for the stolen data to be used maliciously, possibly for identity theft, hate crimes, or other forms of discrimination.  It also underlines the importance of addressing not just the immediate cybersecurity implications but also the broader ethical considerations associated with targeted attacks on specific communities within genetic data.

23andMe responded promptly, confirming the incident and acknowledging that certain customer profile information was accessed without authorization. The company emphasized that there was no evidence of a breach within its systems but rather, the attackers utilized credentials leaked from other platforms to compromise accounts.  23andMe reiterated its commitment to user privacy and security, encouraging all users to enable multi-factor authentication (MFA) and avoid reusing passwords across different platforms.

As investigations into the breach continue, affected users are urged to take immediate steps to enhance their online security, such as enabling MFA and using strong, unique passwords.

 

This article is presented at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization and has reported extensively on AI technology.  For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com    

Weekly Cyber Intelligence Briefings:

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

https://attendee.gotowebinar.com/register/5993554863383553632

 

[1] https://www.secureworld.io/industry-news/23andme-users-dna-hack

E-mail me when people leave their comments –

You need to be a member of Red Sky Alliance to add comments!