11/10/2023
The dark side of 23andMe: How your genetic data can be exploited by hackers
The genetic testing company 23andMe has confirmed that data from some of its users has been compromised and is being offered for sale on hacker forums. The company said that its systems were not breached and that the attackers obtained the data by guessing the login credentials of some users and then scraping more information from a feature known as DNA Relatives.
The DNA Relatives feature allows users to opt-in to share their information with other users who may be related to them based on their genetic ancestry. The data includes things like display name, sex, birth year, current location, and some details about genetic ancestry results, such as geographic regions or ethnic groups. The data does not appear to include actual raw genetic data or health reports.
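For defenders, the pattern described above (logins guessed against many accounts, then bulk collection through DNA Relatives) can be searched for in authentication and access logs. The following Python code is an added example, not 23andMe's code; the event format, function names, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample events (not real logs): (timestamp_s, source_ip, account, event).
# event is "login_fail", "login_ok" or "relative_view" (a DNA Relatives profile was opened).
EVENTS = (
    [(i, "203.0.113.7", f"user{i}", "login_fail") for i in range(40)]
    + [(40, "203.0.113.7", "user40", "login_ok")]
    + [(41 + i, "203.0.113.7", "user40", "relative_view") for i in range(300)]
    + [(5, "198.51.100.2", "alice", "login_fail"), (9, "198.51.100.2", "alice", "login_ok")]
    + [(10 + i, "198.51.100.2", "alice", "relative_view") for i in range(12)]
)

def guessing_sources(events, min_accounts=20, max_success_ratio=0.1):
    """Map each IP that tried many distinct accounts and mostly failed to the accounts it got into."""
    tried, ok = defaultdict(set), defaultdict(set)
    for _, ip, account, event in events:
        if event in ("login_fail", "login_ok"):
            tried[ip].add(account)
            if event == "login_ok":
                ok[ip].add(account)
    return {ip: sorted(ok[ip]) for ip, accts in tried.items()
            if len(accts) >= min_accounts and len(ok[ip]) / len(accts) <= max_success_ratio}

def scraping_accounts(events, window_s=600, max_views=100):
    """Map each account that opened more than max_views relative profiles in window_s to its peak count."""
    views = defaultdict(list)
    for ts, _, account, event in events:
        if event == "relative_view":
            views[account].append(ts)
    flagged = {}
    for account, stamps in views.items():
        stamps.sort()
        peak, start = 0, 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window_s:  # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak > max_views:
            flagged[account] = peak
    return flagged

def likely_compromised(events):
    """Accounts entered from a guessing source that then bulk-viewed relatives: triage these first."""
    taken = {a for accts in guessing_sources(events).values() for a in accts}
    return sorted(taken & set(scraping_accounts(events)))
```

On the constructed events, the single-account user with one mistyped password and a dozen profile views is not flagged, while the account entered after 40 failed attempts on other accounts is.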
The attackers posted an initial data sample on the platform BreachForums earlier this week, claiming that it contained 1 million data points exclusively about Ashkenazi Jews, a group that has been historically persecuted and discriminated against. The attackers also claimed to have data from hundreds of thousands of users of Chinese descent. On Wednesday, the attackers began selling what they claim are 23andMe profiles for between $1 and $10 per account, depending on the scale of the purchase.
The company said that it became aware of the suspicious activity on Friday and immediately began an investigation. It also said that it has notified the affected users and advised them to change their passwords and enable two-factor authentication. The company said that it believes that the attackers may have accessed the accounts without authorization and obtained the information in violation of its terms of service.
The company also said that it has not found any evidence that its systems have been breached or that any genetic testing results have been leaked. However, it has not made clear whether it has validated the data that the attackers leaked, noting that its investigation is ongoing and that it currently has “preliminary results.”
The breach raises concerns about the privacy and security of personal genetic data, which can reveal sensitive information about a person’s health, identity, and family history. While 23andMe claims to exceed data protection standards for its industry, some experts have warned that no system is foolproof and that users should be aware of the risks involved in sharing their DNA with third-party services.
23andMe advises its existing users to promptly take steps to ensure the security of their accounts:
We encourage our customers to take as much action to keep their account and password secure. Out of caution, we recommend taking the following steps:
- Confirm you have a strong password, one that is not easy to guess and that is unique to your 23andMe account. If you are not sure whether you have a strong password for your account, reset it by following the steps outlined here.
- Please be sure to enable multi-factor authentication (MFA) on your 23andMe account. You can enable MFA by following the steps outlined here.
- Review our Privacy and Security Checkup page with additional information on how to keep your account secure.