23andMe acknowledged this week that knowledge from customers of its genetic testing and evaluation platform has been circulating on darkish net boards after what it says was a credential-stuffing assault, according to BleepingComputer. The outlet wrote {that a} hacker reportedly leaked what they mentioned was “1 million strains of knowledge” for Ashkenazi Jewish individuals earlier than saying it might promote the info it had stolen for $1 – $10 per account. The information consists of customers’ names, profile photographs, genetic ancestry outcomes, date of start, and geographical location.
In to a press release supplied to BleepingComputer, the corporate confirmed the info is authentic, however says attackers hadn’t breached its inner methods. In line with the corporate, “the preliminary outcomes of this investigation recommend that the login credentials utilized in these entry makes an attempt could have been gathered by a menace actor from knowledge leaked throughout incidents involving different on-line platforms the place customers have recycled login credentials.” BleepingComputer experiences that whereas the preliminary assault relied on passwords shared with accounts on beforehand compromised providers, a lot of the leaked knowledge was scraped from extra accounts utilizing certainly one of 23andMe’s personal options, referred to as ‘DNA Family.”
As many as 7 million accounts could also be within the sale, PCMag reported on Wednesday, citing a post from Dark Web Informer that shared screenshots of one other now-deleted hacker discussion board submit. That’s roughly half the entire variety of customers on 23andMe’s platform. According to ArsTechnica, hackers claimed that 23andMe’s CEO knew in regards to the leaked knowledge two months prior, however didn’t disclose the incident.