Biotechnology firm 23andMe, known for its genetic testing and genealogy services, recently disclosed that it suffered a data breach due to a credential stuffing attack. The cyberattack, which was made public on October 6 through a post on 23andMe’s website, specifically targeted users of Ashkenazi Jewish descent. The company revealed that unauthorized individuals compiled certain 23andMe customer profile information from the DNA Relatives feature without the users’ consent. The compromised data might include users’ names, sex, email addresses, birth dates, locations, and 23andMe’s assessment of their genetic history.
The breach was attributed to credential stuffing, where attackers use previously exposed login credentials to access other accounts. In cases where users have reused their login details across multiple sites, these attacks can be successful. 23andMe has initiated an investigation and advised users to update their passwords and activate multi-factor authentication.
The focus on Ashkenazi Jews became evident when the alleged hacker posted on a dark web forum, BreachForums. The hacker claimed to have a “1 million Ashkenazi database” and offered various data packs for sale, with prices ranging from $1,000 for 100 profiles to $100,000 for 100,000 profiles. The data supposedly includes DNA profiles of influential individuals and comes with associated email addresses. 23andMe has verified the authenticity of the data leaked by the hacker.
Source: Cyber Security Hub
To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net or you can try your self using check.website.