23andMe says hackers accessed ‘significant number’ of files about users’ ancestry
Reading Time: 2 minutesGenetic testing company 23andMe announced on Friday that hackers accessed around 14,000 customer accounts in the company’s recent data breach.
In a new filing with the U.S. Securities and Exchange Commission published Friday, the company said that, based on its investigation into the incident, it had determined that hackers had accessed 0.1% of its customer base. According to the company’s most recent annual earnings report, 23andMe has ‘more than 14 million customers worldwide,’ which means 0.1% is around 14,000.
But the company also said that by accessing those accounts, the hackers were also able to access ‘a significant number of files containing profile information about other users’ ancestry that such users chose to share when opting in to 23andMe’s DNA Relatives feature.’
The company did not specify what that ‘significant number’ of files is, nor how many of these ‘other users’ were impacted.
23andMe did not immediately respond to a request for comment, which included questions on those numbers.
In early October, 23andMe disclosed an incident in which hackers had stolen some users’ data using a common technique known as ‘credential stuffing,’ whereby cybercriminals hack into a victim’s account by using a known password, perhaps leaked due to a data breach on another service.
The damage, however, did not stop with the customers who had their accounts accessed. 23andMe allows users to opt into a feature called DNA Relatives. If a user opts-in to that feature, 23andMe shares some of that user’s information with others. That means that by accessing one victim’s account, hackers were also able to see the personal data of people connected to that initial victim.
23andMe said in the filing that for the initial 14,000 users, the stolen data ‘generally included ancestry information, and, for a subset of those accounts, health-related information based upon the user’s genetics.’ For the other subset of users, 23andMe only said that the hackers stole ‘profile information’ and then posted unspecified ‘certain information’ online.
News of the data breach surfaced online in October when hackers advertised the alleged data of one million users of Jewish Ashkenazi descent and 100,000 Chinese users on a well-known hacking forum. Roughly two weeks later, the same hacker who advertised the initial stolen user data advertised the alleged records of four million more people. The hacker was trying to sell the data of individual victims for $1 to $10.
In response to the data breach, on October 10, 23andMe forced users to reset and change their passwords and encouraged them to turn on multi-factor authentication. And on November 6, the company required all users to use two-step verification, according to the new filing.
After the 23andMe breach, other DNA testing companies Ancestry and MyHeritage started mandating two-factor authentication.
Ref: techcrunch
MediaDownloader.net -> Free Online Video Downloader, Download Any Video From YouTube, VK, Vimeo, Twitter, Twitch, Tumblr, Tiktok, Telegram, TED, Streamable, Soundcloud, Snapchat, Share, Rumble, Reddit, PuhuTV, Pinterest, Periscope, Ok.ru, MxTakatak, Mixcloud, Mashable, LinkedIn, Likee, Kwai, Izlesene, Instagram, Imgur, IMDB, Ifunny, Gaana, Flickr, Febspot, Facebook, ESPN, Douyin, Dailymotion, Buzzfeed, BluTV, Blogger, Bitchute, Bilibili, Bandcamp, Akıllı, 9GAG