CyberSecurityBoard
Sponsor Register Login

23andMe confirms nearly 7 million customers affected in data leak

Nearly 7 million 23andMe customers had their profile data leaked in a cybersecurity incident in October, a company spokesperson confirmed to SC Media on Monday.
The vast majority of the leaked data was scraped from the site's DNA Relatives feature after hackers used stolen credentials to directly access about 14,000 accounts, which represents 0.1% of users.
Details of the cyber incident come on the heels of a Friday filing by 23andMe with the U.S. Securities and Exchange Commission amending a previous 8-K disclosure.
A 23andMe said that 5.5 million users had their DNA Relatives profiles leaked, with an additional 1.4 million users having their Family Tree profiles exposed.
23andMe's DNA Relatives feature enables users to see profile information of other users they are genetically related to.
Family Tree profiles are a part of the DNA Relatives feature that contains a limited subset of data.
In total, approximately 6.9 million customers using the DNA Relatives feature had some information leaked, 23andMe said.
Threat actors initially accessed 14,000 accounts out of 23andMe's 14 million customers.
By using stolen credentials from other third-party websites adversaries were able to log in to 23andMe customer accounts.
The attackers then leveraged accounts to scrape information shared by users who opted into the service's DNA Relatives feature.
This allowed hackers to expand the scope of data scraped from 23andMe.
Each compromised account, according to the company, could potentially have access to data from hundreds or thousands more users.
A review of a standard 23andMe account by SC Media revealed a customer had access to 1,500 DNA relatives.
Golem allegedly leaked information from more than 1 million Ashkenazi Jewish users and 300,000 Chinese users on Oct. 1, followed by data from an additional 4.1 million profiles of British and German customers on Oct. 17.
Golem claimed to have access to data from more than 7 million users in total.
Sensitive health data leaked in the incident includes a user's predisposition to type 2 diabetes and Parkinson's disease.
Reports also include a user's gene carrier status for cystic fibrosis, Tay-Sachs disease and others.
23andMe says it has temporarily disabled some features within the DNA Relatives tool in response to the leak and said in its amended SEC report that it is working to remove all leaked information from public access.
The company also forced all users to reset their password and encouraged them to use multi-factor authentication on Oct. 9.
23andMe says the unauthorized access to its platform was due to credential stuffing attacks where hackers used stolen credentials from unrelated third-party sites.


This Cyber News was published on packetstormsecurity.com. Publication date: Tue, 05 Dec 2023 14:43:06 +0000


Cyber News related to 23andMe confirms nearly 7 million customers affected in data leak

23andMe confirms nearly 7 million customers affected in data leak - Nearly 7 million 23andMe customers had their profile data leaked in a cybersecurity incident in October, a company spokesperson confirmed to SC Media on Monday. The vast majority of the leaked data was scraped from the site's DNA Relatives feature ...
11 months ago Packetstormsecurity.com
23andMe Faces Legal Backlash Over Data Breach and Blames Victims - Facing a deluge of more than 30 lawsuits from individuals impacted by a substantial data breach, genomics company 23andMe has taken a defensive stance by placing responsibility on the victims themselves. The breach came to light in October when ...
10 months ago Cysecurity.news
Hacker leaks millions of new 23andMe genetic data profiles - A hacker has leaked an additional 4.1 million stolen 23andMe genetic data profiles for people in Great Britain and Germany on a hacking forum. Earlier this month, a threat actor leaked the stolen data of 1 million Ashkenazi Jews who used 23andMe ...
11 months ago Bleepingcomputer.com
23andMe failed to detect mega-breach attackers for 5 months The Register - Biotech and DNA-collection biz 23andMe, the one that blamed its own customers for the October mega-breach, just admitted it failed to detect any malicious activity for the entire five months attackers were breaking into user accounts. In a collection ...
9 months ago Go.theregister.com
DNA testing: What happens if your genetic data is hacked? - The personal information of millions of people who sent swabs of their DNA to consumer testing services have been leaked in high profile hacks in recent years, leading to questions about how secure that genetic data is. In autumn 2023, a hacker ...
9 months ago Packetstormsecurity.com
23andMe: It's YOUR Fault We Lost Your Data - DNA testing firm doubles down on blaming victims and sics lawyer on them. Millions of 23andMe users had their personal information stolen last year. Apparently, it's not the firm's responsibility-it's the users' own fault that a distant relative had ...
10 months ago Securityboulevard.com
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
1 month ago Aws.amazon.com
23andMe Blames User "Negligence" for Data Breach - DNA testing firm 23andMe has argued the victims are responsible for the breach of highly sensitive genomics data on its systems last year. The DNA testing firm argued this allowed the attackers to launch a credential stuffing campaign using usernames ...
10 months ago Infosecurity-magazine.com
23andMe says, er, actually some genetic and health data might have been accessed in recent breach - In October we reported that the data of as many as seven million 23andMe customers were for sale on criminal forums following a password attack against the genomics company. Now, a filing with the US Securities and Exchange Commission has provided ...
11 months ago Malwarebytes.com
23andMe updates user agreement to prevent data breach lawsuits - In October, a threat actor attempted to sell 23andMe customer data and, after failing to do so, leaked the data for 1 million Ashkenazi Jews and 4.1 million people living in the United Kingdom. 23andMe told BleepingComputer that the data was obtained ...
11 months ago Bleepingcomputer.com
23andMe Says Hackers Saw Data From Millions of Users - Personal genetics firm 23andMe on Tuesday confirmed that hackers using stolen passwords accessed the personal information about 6.9 million of its members. While the hackers were only able to get into about 14,000 accounts, or 0.1 percent of its ...
11 months ago Securityweek.com
23andMe Is On The Ventilator. Its CEO Remains 'Hopeful' - The Silicon Valley and Wall Street golden kid 23andMe was the DNA testing firm just three years ago. The company is currently in risk of being delisted from the Nasdaq. CEO of 23andMe Anne Wojcicki tells CNN that Wall Street shouldn't write her off ...
9 months ago Cysecurity.news
Infosec experts divided over 23andMe's breach blame game The Register - 23andMe users' godawful password practices were supposedly to blame for the biotech company's October data disaster, according to its legal reps. Nope, the biotech firm's infrastructure management was certainly not at fault in any way when 6.9 ...
10 months ago Go.theregister.com
23andMe: Data Breach Was a Credential-Stuffing Attack - DNA testing company 23andMe has released further details surrounding an October data breach, where user profile information had been accessed and downloaded at the hands of a threat actor. On Oct. 1, a threat actor made a post on the Dark Web ...
11 months ago Darkreading.com
Identity Crisis: 14 Million Individuals at Risk After Mortgage Lender's Data Breach - Mr Cooper, the private mortgage lender, has now admitted almost 14.7 million individuals' private data has been stolen in a previous IT security breach, which resulted in the theft of their addresses and bank account numbers, but it is estimated the ...
10 months ago Cysecurity.news
23andMe told victims of data breach that suing is futile, letter shows - Last year, hackers accessed 14,000 accounts on 23andMe by using passwords that had been previously breached during security incidents on other websites. By using this tactic, known as credential stuffing, hackers could access the personal data of ...
10 months ago Packetstormsecurity.com
Tech Security Year in Review - In this Tech Security Year in Review for 2023, let's look into the top data breaches of the past year. Each factor contributes to the growing threatscape, demanding a proactive and adaptable cybersecurity approach to safeguard your organization ...
10 months ago Securityboulevard.com
23andMe: "Negligent" Users at Fault for Breach of 6.9M Records - Up against an onslaught of lawsuits, 23andMe is denying liability for millions of users' genetic records leaked last fall. In a letter sent to a group of users suing the company obtained by TechCrunch, lawyers representing the biotech company laid ...
10 months ago Darkreading.com
23andMe responds to breach with new suit-limiting user terms The Register - Security in brief The saga of 23andMe's mega data breach has reached something of a conclusion, with the company saying its probe has determined millions of leaked records originated from illicit break-ins into just 14,000 accounts. In an update on ...
11 months ago Go.theregister.com
23andMe - 23andMe is a revolutionary service that analyzes your DNA and provides insights into your health, ancestry, and traits. This saliva-based DNA service offers personalized reports on your ancestry, family history, traits, and more. With one of the ...
11 months ago
T-Mobile Data Breach Affects 37 Million Customers: What You Should Know - T-Mobile recently announced that a data breach of its API had impacted the personal records of over 37 million customers. The breach occurred on the T-Mobile website, and could have allowed unauthorized users to access customer data such as name, ...
1 year ago Heimdalsecurity.com
How Can DSPM Prevent High-Profile Breaches? - In early October 2023, a DNA testing company for ancestry discovery purposes, 23andMe, disclosed that it suffered a data breach. On the 5th of December 2023, the company shared that the data breach was more damaging than was initially reported. On ...
11 months ago Gbhackers.com
Ticketmaster confirms massive breach after stolen data for sale online - Live Nation has confirmed that Ticketmaster suffered a data breach after its data was stolen from a third-party cloud database provider, which is believed to be Snowflake. While the breach has allegedly exposed the data of over 560 million ...
5 months ago Bleepingcomputer.com
Mr. Cooper breach affects more than 14.6M - Mr. Cooper, a major U.S. mortgage servicer, says an October data breach affected nearly 14.7 million people, including all its current and former customers. Mr. Cooper provided a data breach notification to the Office of the Maine Attorney General ...
11 months ago Packetstormsecurity.com
Samsung hit by new data breach impacting UK store customers - Samsung Electronics is notifying some of its customers of a data breach that exposed their personal information to an unauthorized individual. The company says that the cyberattack impacted only customers who made purchases from the Samsung UK online ...
11 months ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)