On 2023-12-05 7:04 AM

Genetic Data Heist: 23andMe’s Massive Breach Exposes 6.9M Users, Sparks Security Concerns

  • 6.9 million 23andMe users affected.
  • DNA Relatives feature exploited, compromising genetic data and personal details.
By Lethabo Ntsoane

In a startling revelation, 23andMe, the popular genetic testing service, has confirmed a major data breach affecting 6.9 million users. The breach, carried out through a credential stuffing attack, has exposed sensitive genetic information and other personal details.

Breach Overview

According to an update from 23andMe, the breach impacted approximately 5.5 million users who had the ‘DNA Relatives’ feature enabled. This feature matches users with similar genetic profiles, but in this case, it became the gateway for unauthorized access. An additional 1.4 million users had their family tree profiles accessed.

The breach was executed through a credential stuffing attack, a technique where hackers use login credentials obtained from other security breaches. In this instance, threat actors directly accessed 0.1% of user accounts, roughly 14,000 users, and used that access to reach data from the broader user base.
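A defender's view of the credential stuffing pattern described above, as an added example that is not from 23andMe or the original article: it flags sources that try many distinct usernames with mostly failed logins and lists the accounts that did log in from those sources, which are the ones to force-reset. The log format, thresholds and all sample values are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample auth log: "<timestamp> <source-ip> <username> <OK|FAIL>".
# IPs are from documentation ranges; usernames are made up.
SAMPLE_LOG = "\n".join(
    # One source cycling through many accounts, almost all failing.
    [f"2023-10-01T10:00:{i:02d}Z 203.0.113.7 user{i}@example.com FAIL" for i in range(7)]
    + ["2023-10-01T10:00:07Z 203.0.113.7 dave@example.com OK"]
    # Shared office NAT: many users, all succeed.
    + [f"2023-10-01T10:05:{i:02d}Z 198.51.100.20 staff{i}@example.com OK" for i in range(6)]
    # One person mistyping a password, then succeeding.
    + ["2023-10-01T10:06:00Z 192.0.2.44 erin@example.com FAIL"] * 3
    + ["2023-10-01T10:06:30Z 192.0.2.44 erin@example.com OK"]
)


def detect_stuffing(log, min_users=5, min_fail_ratio=0.7):
    """Return {source_ip: [accounts that logged in successfully]} for every
    source that tried at least min_users distinct usernames and never got
    into at least min_fail_ratio of them."""
    attempted = defaultdict(set)  # ip -> every username tried
    succeeded = defaultdict(set)  # ip -> usernames with at least one OK
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        _ts, ip, user, outcome = parts
        attempted[ip].add(user.lower())
        if outcome == "OK":
            succeeded[ip].add(user.lower())

    flagged = {}
    for ip, users in attempted.items():
        never_ok = users - succeeded[ip]
        # Distinct-username counting keeps one user's repeated typos from
        # tripping the rule; the failure ratio keeps shared NATs out.
        if len(users) >= min_users and len(never_ok) / len(users) >= min_fail_ratio:
            flagged[ip] = sorted(succeeded[ip])
    return flagged


if __name__ == "__main__":
    for ip, accounts in detect_stuffing(SAMPLE_LOG).items():
        print(f"{ip}: suspected stuffing, reset and review: {accounts}")
```

Successful logins from a flagged source matter most: each is a reused password that worked, and on a platform with a sharing feature such as DNA Relatives it also exposes every profile that account can see.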

Unauthorized Access and Exploitation

Once inside, the attackers exploited the DNA Relatives feature to access an extensive amount of information from millions of user profiles. The compromised data includes display names, predicted relationships, DNA information, ancestry reports, self-reported locations, ancestor birth locations, family names, profile pictures, and more.

23andMe’s initial denial of a data security incident within its systems is at odds with the significant compromise of user information. Despite claims to the contrary, the breach has raised questions about the platform’s security measures and its ability to protect sensitive genetic data.

Timeline of Events

The breach’s first signs emerged in October when 23andMe confirmed that user information was available for sale on the dark web. The company, at that time, acknowledged investigating a hacker’s claims of leaking 4 million genetic profiles from individuals in Great Britain and the wealthiest residents of the U.S. and Western Europe.

User Impact and Response

Affected users, both from the DNA Relatives and family tree profiles, are still in the process of being notified by 23andMe. The company has taken immediate steps to enhance security, requiring password resets for all users. Furthermore, two-step verification, previously optional, is now mandatory for both new and existing users.

Security Implications

This breach highlights the vulnerability of personal genetic data and the need for stringent security measures in platforms dealing with such sensitive information. The incident underscores the importance of robust password practices and the implementation of additional security layers.

In response to the breach, 23andMe urges users to reset their passwords promptly and assures ongoing efforts to address the security lapse. However, the scale of the breach and the compromised genetic data emphasize the urgency for users to exercise caution and vigilance when dealing with such platforms.

As 23andMe works to contain the fallout, the incident serves as a stark reminder of the evolving threats to personal data security and the imperative for individuals to stay informed and proactive in safeguarding their sensitive information.


Lethabo Ntsoane

Lethabo Ntsoane holds a Bachelor's Degree in Accounting from the University of South Africa. He is a Financial Product commentator at Rateweb. He is an expert financial product analyst with years of experience in reviewing products and offering commentary. Lethabo majors in financial news, reviews and financial tips. He can be contacted at: Email: lethabo@rateweb.co.za Twitter: @NtsoaneLethabo