AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
Data leak12/31/2023 Intelligent threat detection through real time alerts, anomaly spotting and automated threat response. Learn more On-Premise & Cloud Platforms We Audit In disclosing the incident in October, 23andMe said the data breach was caused by customers reusing passwords, which allowed hackers to brute-force the victims’ accounts by using publicly known passwords released in other companies’ data breaches.īecause of the way that the DNA Relatives feature matches users with their relatives, by hacking into one individual account, the hackers were able to see the personal data of both the account holder as well as their relatives, which magnified the total number of 23andMe victims.Monitor, audit and report on changes and interactions with platforms, files and folders across your on-premises and cloud environment. The two sets of information were formatted differently, but contained some of the same unique user and generic data, suggesting the data leaked by the hacker was at least in part authentic 23andMe customer data. When we analyzed the months-old leaked data, TechCrunch found that some records matched genetic data published online by hobbyists and genealogists. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 9, or via Telegram, Keybase and Wire or email You also can contact TechCrunch via SecureDrop. TechCrunch found that another hacker on a separate hacking forum had already advertised a batch of allegedly stolen 23andMe customer data two months before the widely reported advertisement.ĭo you have more information about the 23andMe incident? We’d love to hear from you. Two weeks later, the same hacker advertised the alleged records of another four million people on the same hacking forum. As proof of the breach, the hacker published the alleged data of one million users of Jewish Ashkenazi descent and 100,000 Chinese users, asking would-be buyers for $1 to $10 for the data per individual account. In early October, a hacker claimed to have stolen the DNA information of 23andMe users in a post on a well-known hacking forum. It is also not known why 23andMe did not share these numbers in its disclosure on Friday.Ĭonsidering the new numbers, in reality, the data breach is known to affect roughly half of 23andMe’s total reported 14 million customers. TechCrunch is printing the reply as we were given no opportunity to reject the terms.) (23andMe declared part of its email as “on background,” which requires that both parties agree to the terms in advance. The stolen data included the person’s name, birth year, relationship labels, the percentage of DNA shared with relatives, ancestry reports and self-reported location.Ģ3andMe also confirmed that another group of about 1.4 million people who opted-in to DNA Relatives also “had their Family Tree profile information accessed,” which includes display names, relationship labels, birth year, self-reported location and whether the user decided to share their information, the spokesperson said. In an email sent to TechCrunch late on Saturday, 23andMe spokesperson Katie Watson confirmed that hackers accessed the personal information of about 5.5 million people who opted-in to 23andMe’s DNA Relatives feature, which allows customers to automatically share some of their data with others. The company also said that by accessing those accounts, hackers were also able to access “a significant number of files containing profile information about other users’ ancestry.” But 23andMe would not say how many “other users” were impacted by the breach that the company initially disclosed in early October.Īs it turns out, there were a lot of “other users” who were victims of this data breach: 6.9 million affected individuals in total. On Friday, genetic testing company 23andMe announced that hackers accessed the personal data of 0.1% of customers, or about 14,000 individuals.
0 Comments
Read More
Leave a Reply. |