Renowned DNA testing service 23andMe is currently probing claims surrounding the theft of a considerable volume of customer data. This move follows an alarming disclosure that customer data from the company was purportedly offered for sale on a cybercrime forum earlier this week.
As reported by CyberScoop, a concerning post appeared on a notorious cybercrime platform where a supposed seller claimed to possess troves of data from 23andMe, with a link provided to a sample labeled as "20 million pieces of data."
If true, the allegations point to an alarming breach of privacy, given the intimate nature of the information 23andMe handles. This encompasses genetic traits, family history, and a spectrum of personal data, including names, addresses, blood types, and more.
The company has publicly acknowledged its awareness that "certain 23andMe customer profile information was compiled through unauthorized access to individual 23andMe.com accounts."
However, they claimed there is "no indication at this time that there has been a data security incident within our systems." The company's preliminary findings indicate that perpetrators possibly capitalized on credentials leaked from unrelated breaches on other platforms, accessing 23andMe accounts of those who reused the same username-password combinations.
A particularly concerning element is the vulnerability faced by users who availed of the "DNA Relatives" service. This feature, designed to help users identify and connect with genetically related individuals, became a point of exploitation.
As conveyed by the company, unauthorized actors might have extracted data concerning users' potential family connections. This potentially exposed information includes user display names, birth year, profile photo, gender, location, predicted relationship estimations, DNA match statistics, haplogroups, and more.
The data set is broad, and its exact extent and authenticity remain uncertain. Initially offered for sale on Sunday, the data set was temporarily removed only to reappear by mid-week, with the alleged seller now offering a broader array of data.
The data is said to include "tailored ethnic groupings, individualized data sets, pinpointed origin estimations, haplogroup details, phenotype information, photographs, links to hundreds of potential relatives, and most crucially, raw data profiles."
The significant implications of such an incident cannot be overstated:
The bare statement of this incident underscores that our most intimate data may be more vulnerable than we believe, emphasizing the importance of cyber vigilance and unique password use across online platforms.
Dedicated solutions such as Bitdefender Digital Identity Protection can help you keep your identity safe against the influx of data breaches. Key features include:
tags
Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.
View all postsNovember 14, 2024
September 06, 2024