The genetic information of millions of Ashkenazi Jews leaked into the hands of hackers

 Someone decided to play hacker with 23andMe.


Genetics business 23andMe on Friday revealed that some of its customers' data had been leaked . Despite the fact that the company's systems were intact, the attackers acquired access to the data by guessing the logins and passwords of a distinct group of users. They then utilized the "DNA Relatives" function to obtain the information. It is worth emphasizing that users themselves elect to share their data through this function.

This week, hackers shared a sample of data on the BreachForums forum, claiming to have information on a million Ashkenazi Jews. In addition, hundreds of thousands of individuals of Chinese descent were apparently affected by the leak. On Wednesday, attackers began providing 23andMe profiles for $1 to $10, depending on quantity. The data offered includes name, gender, year of birth and certain genetic analysis details.

In its response, 23andMe stressed that it did not uncover any infractions in its systems. It also urged that its users choose strong, unique passwords and enable two-factor authentication.

The business further said: “It was discovered that some 23andMe customer data was obtained through access to their personal accounts on 23andMe.com.”

The corporation did not give a clear answer when asked whether it had confirmed the data breach, stating that their investigation was ongoing. A corporate spokesman indicated that the information leak refers to a circumstance in which some user accounts were exposed.

The approach of leveraging credentials obtained in earlier data breaches to hack into accounts where those logins have been repeated is known as “credential stuffing.”

The complete picture of why the data was obtained, how many more the attackers have, and if they are targeting Ashkenazi Jews solely is unclear.

0 Comments