CarderPlanet
Someone decided to play hacker with 23andMe.
Genetic company 23andMe on Friday confirmed the data leak of some of its customers. Despite the fact that the company's systems remained intact, the attackers gained access to the data by guessing the logins and passwords of a separate group of users. They then used the "DNA Relatives" function to extract the information. It is worth noting that users themselves decide to share their data through this feature.
This week, hackers posted a sample of data on the BreachForums platform, claiming that it contains information about a million Ashkenazi Jews. In addition, the leak apparently affected hundreds of thousands of users of Chinese origin. On Wednesday, the attackers started offering 23andMe profiles for $1-10, depending on the number. The data sold includes name, gender, year of birth, and some genetic analysis details.
In a statement, 23andMe stressed that it did not find any violations in its systems. It also recommended that its users choose strong, unique passwords and activate two-factor authentication.
The company also said: "It was revealed that some data of 23andMe customers was obtained through access to their personal accounts on 23andMe.com".
The company did not give a clear answer to the question of whether it confirmed the data leak, noting that its investigation is ongoing. A company representative said that the leak of information corresponds to a situation in which some user accounts were disclosed.
The technique of using credentials exposed in other data leaks to break into accounts where these logins were reused is known as "credential stuffing".
The full picture of why the data was stolen, how much more the attackers have, and whether they are targeting Ashkenazi Jews exclusively is still unclear.