23andMe Failed to Detect Account Intrusions for Months

The tactic came to light in a trove of hacked police records published by the transparency collective Distributed Denial of Secrets.
Information about United States intelligence agencies purchasing Americans' phone location data and internet metadata without a warrant was revealed this week only after US senator Ron Wyden blocked the appointment of a new NSA director until the information was made public.
Breaches of Microsoft and Hewlett-Packard Enterprise, disclosed in recent days, have pushed the espionage operations of the well-known Russia-backed hacking group Midnight Blizzard back into the spotlight.
Amazon-owned Ring said this week that it is shutting down a feature of its controversial Neighbors app that gave law enforcement a free pass to request footage from users without a warrant.
WIRED had a deep dive this week into the Israel-linked hacking group known as Predatory Sparrow and its notably aggressive offensive cyberattacks, particularly against Iranian targets, which have included crippling thousands of gas stations and setting a steel mill on fire.
With so much going on, we've got the perfect quick weekend project for iOS users who want to feel more digitally secure: Make sure you've upgraded your iPhone to iOS 17.3 and then turn on Apple's new Stolen Device Protection feature, which could block thieves from taking over your accounts.
Each week, we highlight the news we didn't cover in-depth ourselves.
After first disclosing a breach in October, the ancestry and genetics company 23andMe said in December that personal data from 6.9 million users was impacted in the incident stemming from attackers compromising roughly 14,000 user accounts.
These accounts then gave attackers access to information voluntarily shared by users in a social feature the company calls DNA Relatives.
23andMe has blamed users for the account intrusions, saying that they only occurred because victims set weak or reused passwords on their accounts.
A state-mandated filing in California about the incident reveals that the attackers started compromising customers' accounts in April and continued through much of September without the company ever detecting suspicious activity-and that someone was trying to guess and brute-force users' passwords.
The official said that Pyongyang has not yet begun incorporating generative AI into active offensive hacking operations but that South Korean officials are monitoring the situation closely.
More broadly, researchers say they are alarmed by North Korea's development and use of AI tools for multiple applications.
The digital ad industry is notorious for enabling the monitoring and tracking of users across the web.
New findings from 404 Media highlight a particularly insidious service, Patternz, that draws data from ads in hundreds of thousands of popular, mainstream apps to reportedly fuel a global surveillance dragnet.
Researchers from MIT's Computer Science and Artificial Intelligence Laboratory have devised an algorithm that could be used to convert data from smart devices' ambient light sensors into an image of the scene in front of the device.
A tool like this could be used to turn a smart home gadget or mobile device into a surveillance tool.
Ambient light sensors measure light in an environment and automatically adjust a screen's brightness to make it more usable in different conditions.
Because ambient light data isn't considered to be sensitive, these sensors automatically have certain permissions in an operating system and generally don't require specific approval from a user to be used by an app.
As a result, the researchers point out that bad actors could potentially abuse the readings from these sensors without users having recourse to block the information stream.


This Cyber News was published on www.wired.com. Publication date: Sat, 27 Jan 2024 14:43:05 +0000


Cyber News related to 23andMe Failed to Detect Account Intrusions for Months

23andMe failed to detect mega-breach attackers for 5 months The Register - Biotech and DNA-collection biz 23andMe, the one that blamed its own customers for the October mega-breach, just admitted it failed to detect any malicious activity for the entire five months attackers were breaking into user accounts. In a collection ...
10 months ago Go.theregister.com
23andMe: It's YOUR Fault We Lost Your Data - DNA testing firm doubles down on blaming victims and sics lawyer on them. Millions of 23andMe users had their personal information stolen last year. Apparently, it's not the firm's responsibility-it's the users' own fault that a distant relative had ...
11 months ago Securityboulevard.com
DNA testing: What happens if your genetic data is hacked? - The personal information of millions of people who sent swabs of their DNA to consumer testing services have been leaked in high profile hacks in recent years, leading to questions about how secure that genetic data is. In autumn 2023, a hacker ...
10 months ago Packetstormsecurity.com
23andMe confirms nearly 7 million customers affected in data leak - Nearly 7 million 23andMe customers had their profile data leaked in a cybersecurity incident in October, a company spokesperson confirmed to SC Media on Monday. The vast majority of the leaked data was scraped from the site's DNA Relatives feature ...
1 year ago Packetstormsecurity.com
Hacker leaks millions of new 23andMe genetic data profiles - A hacker has leaked an additional 4.1 million stolen 23andMe genetic data profiles for people in Great Britain and Germany on a hacking forum. Earlier this month, a threat actor leaked the stolen data of 1 million Ashkenazi Jews who used 23andMe ...
1 year ago Bleepingcomputer.com
23andMe Faces Legal Backlash Over Data Breach and Blames Victims - Facing a deluge of more than 30 lawsuits from individuals impacted by a substantial data breach, genomics company 23andMe has taken a defensive stance by placing responsibility on the victims themselves. The breach came to light in October when ...
11 months ago Cysecurity.news
23andMe Is On The Ventilator. Its CEO Remains 'Hopeful' - The Silicon Valley and Wall Street golden kid 23andMe was the DNA testing firm just three years ago. The company is currently in risk of being delisted from the Nasdaq. CEO of 23andMe Anne Wojcicki tells CNN that Wall Street shouldn't write her off ...
10 months ago Cysecurity.news
23andMe Blames User "Negligence" for Data Breach - DNA testing firm 23andMe has argued the victims are responsible for the breach of highly sensitive genomics data on its systems last year. The DNA testing firm argued this allowed the attackers to launch a credential stuffing campaign using usernames ...
11 months ago Infosecurity-magazine.com
23andMe Says Hackers Saw Data From Millions of Users - Personal genetics firm 23andMe on Tuesday confirmed that hackers using stolen passwords accessed the personal information about 6.9 million of its members. While the hackers were only able to get into about 14,000 accounts, or 0.1 percent of its ...
1 year ago Securityweek.com
23andMe told victims of data breach that suing is futile, letter shows - Last year, hackers accessed 14,000 accounts on 23andMe by using passwords that had been previously breached during security incidents on other websites. By using this tactic, known as credential stuffing, hackers could access the personal data of ...
11 months ago Packetstormsecurity.com
23andMe: Data Breach Was a Credential-Stuffing Attack - DNA testing company 23andMe has released further details surrounding an October data breach, where user profile information had been accessed and downloaded at the hands of a threat actor. On Oct. 1, a threat actor made a post on the Dark Web ...
1 year ago Darkreading.com
23andMe says, er, actually some genetic and health data might have been accessed in recent breach - In October we reported that the data of as many as seven million 23andMe customers were for sale on criminal forums following a password attack against the genomics company. Now, a filing with the US Securities and Exchange Commission has provided ...
1 year ago Malwarebytes.com
Infosec experts divided over 23andMe's breach blame game The Register - 23andMe users' godawful password practices were supposedly to blame for the biotech company's October data disaster, according to its legal reps. Nope, the biotech firm's infrastructure management was certainly not at fault in any way when 6.9 ...
11 months ago Go.theregister.com
23andMe Failed to Detect Account Intrusions for Months - The tactic came to light in a trove of hacked police records published by the transparency collective Distributed Denial of Secrets. Information about United States intelligence agencies purchasing Americans' phone location data and internet metadata ...
10 months ago Wired.com
23andMe - 23andMe is a revolutionary service that analyzes your DNA and provides insights into your health, ancestry, and traits. This saliva-based DNA service offers personalized reports on your ancestry, family history, traits, and more. With one of the ...
1 year ago
23andMe: "Negligent" Users at Fault for Breach of 6.9M Records - Up against an onslaught of lawsuits, 23andMe is denying liability for millions of users' genetic records leaked last fall. In a letter sent to a group of users suing the company obtained by TechCrunch, lawyers representing the biotech company laid ...
11 months ago Darkreading.com
23andMe updates user agreement to prevent data breach lawsuits - In October, a threat actor attempted to sell 23andMe customer data and, after failing to do so, leaked the data for 1 million Ashkenazi Jews and 4.1 million people living in the United Kingdom. 23andMe told BleepingComputer that the data was obtained ...
1 year ago Bleepingcomputer.com
23andMe responds to breach with new suit-limiting user terms The Register - Security in brief The saga of 23andMe's mega data breach has reached something of a conclusion, with the company saying its probe has determined millions of leaked records originated from illicit break-ins into just 14,000 accounts. In an update on ...
1 year ago Go.theregister.com
The 23andMe Data Breach Keeps Spiraling - More details are emerging about a data breach the genetic testing company 23andMe first reported in October. As the company shares more information, the situation is becoming even murkier and creating greater uncertainty for users attempting to ...
1 year ago Wired.com
DNA Security: Companies Must Meet Strict Penalties for Risking Users' Data - The pressing concern of companies ignoring DNA security DNA security is a concern that is often not talked about in the cybersecurity landscape. Personal information is what's buzzing these days. The latest 23andMe data breach serves as a sharp ...
1 year ago Cysecurity.news
How Can DSPM Prevent High-Profile Breaches? - In early October 2023, a DNA testing company for ancestry discovery purposes, 23andMe, disclosed that it suffered a data breach. On the 5th of December 2023, the company shared that the data breach was more damaging than was initially reported. On ...
1 year ago Gbhackers.com
What Can Go Wrong with Bank Online Account Opening? - Online account opening is one of the most crucial functions for banks today. They pull out their driver's license and show it to the camera on the phone or on the PC. The bank checks some data and vets the driver's license and a new account is ...
1 year ago Securityboulevard.com
AWS Root vs IAM User: What to Know & When to Use Them - In Amazon Web Services, there are two different privileged accounts. One is defined as Root User and the other is defined as an IAM User. In this blog, I will break down the differences of an AWS Root User versus an IAM account, when to use one ...
1 year ago Beyondtrust.com
CSO's Guide: Water-Tight Account Security For Your Company - In today's escalating threat landscape, account takeover and credential compromise remain top attack vectors for data breaches. CSOs must mandate and implement robust account security to protect critical assets. This comprehensive guide examines ...
10 months ago Securityboulevard.com
23andMe shifts blame to users for data breach - The DNA testing company 23andMe has had a rough few months - first reported in October that data had been breached - and now, the response to those breaches due to customers taking legal action against the company. In 2023, we saw how social ...
11 months ago Itsecurityguru.org

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)