Popular genetics testing company, “23andMe,” recently confirmed that data from its users had been hacked.
— One America News (@OANN) October 20, 2023
23andMe reportedly suffered the hacking of a few million data points from user accounts, which have been revealed on Breach Forums, a cybercrime marketplace, as reported by One America News (OAN).
23andMe is a prominent biotechnology company that analyzes ancestries and provides DNA testing services, family history information as well as personalized health insights, according to the company’s website.
Hackers posted user data from 23andMe on Breach Forums, claiming that it obtained 1 million genetic data points about “Ashkenazi Jews.” Thousands of Chinese nationals were also heavily affected by the data leak, as reported by OAN.
The hackers’ specific use of the reference “Ashkenazi Jews” wasn’t welcomed by many Jewish individuals amid an ongoing war between Israel and Hamas, a terrorist organization that represents how ripe anti-Semitism is today.
Recently, the hackers began selling user profiles on 23andMe for approximately $10 each. Among the data in the user profiles was a person’s name, gender and birth year, along with information pertaining to their genetic ancestry.
“Credential stuffing never really went away and a lot of it just comes down to the fact that humans reuse their passwords—that’s what makes it possible,” a digital scams researcher, Ronnie Tokazowski, said. “And the fact that it’s claiming to target a Jewish population or celebrities—it’s not shocking. It reflects the underbelly of the internet.”
On Oct. 17, 2023, a hacker, “Golem,” published new data from 23andMe that contained user-sensitive ancestry details. The leak contained approximately 4 million records from private user data and was shared on Breach Forums.
Golem said the leaked data contains information about individuals from Great Britain and “the wealthiest people living in the U.S. and Western Europe on the list.”
Despite Golem’s comments, 23andMe is still working to verify what data was leaked.
A 23andMe spokesperson, Andy Kill, announced that the company is still “reviewing the data to determine if it is legitimate.”
In response to the leaks, 23andMe told its users to change their passwords and switch to multi-factor authentication.