CyberSecurityBoard
Sponsor Register Login

Hacker leaks millions of new 23andMe genetic data profiles

A hacker has leaked an additional 4.1 million stolen 23andMe genetic data profiles for people in Great Britain and Germany on a hacking forum. Earlier this month, a threat actor leaked the stolen data of 1 million Ashkenazi Jews who used 23andMe services to find their ancestry info and genetic predispositions. 23andMe told BleepingComputer that this data was obtained through credential stuffing attacks on accounts using weak passwords or credentials exposed in other data breaches. The company says that only a limited number of accounts were breached, but they opted into the 'DNA Relatives' feature, allowing the threat actor to scrape millions of individual's data. Yesterday, a threat actor named 'Golem,' who is allegedly behind the 23andMe attacks, leaked an additional 4.1 million data profiles of people in Great Britain and Germany on the BreachForums hacking forum. This additional leak includes 4,011,607 lines of 23andMe data for people living in Great Britain. The threat actors claim that the stolen data includes genetic information on the royal family, the Rothschilds, and the Rockefellers. "You can see the wealthiest people living in the US and Western Europe on this list," the hackers say in the below forum post. Today, the same hacker released an additional CSV file containing the 23andMe data of 139,172 people living in Germany. As reported by TechCrunch, some of the newly leaked data from Great Britain has been verified as matching known and public user and genetic information. TechCrunch also reports that some of the leaked 23andMe data was being sold in August 2023 on the now-shutdown Hydra hacking forum, where the threat actor claimed to have stolen 300 terabytes of data. The threat actor on BreachForums also claims to have "Hundreds of TBs of data" in their possession, likely indicating that this is the same stolen data. With the amount of allegedly stolen information, we will likely continue to see further data leaks as the threat actor attempts to drum up enough interest to get a buyer. While 23andMe says that only a small number of customer accounts were breached, the DNA Relatives feature turned this into a significantly larger data leak. These leaks have already led to a myriad of lawsuits against 23andMe that claim there is a lack of information about the breach and that the company did not adequately protect customers' data. Genetics firm 23andMe says user data stolen in credential stuffing attack. 23andMe hit with lawsuits after hacker leaks stolen genetics data. ShinyHunters member pleads guilty to $6 million in data theft damages. T-Mobile denies new data breach rumors, points to authorized retailer. German financial agency site disrupted by DDoS attack since Friday.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000


Cyber News related to Hacker leaks millions of new 23andMe genetic data profiles

DNA testing: What happens if your genetic data is hacked? - The personal information of millions of people who sent swabs of their DNA to consumer testing services have been leaked in high profile hacks in recent years, leading to questions about how secure that genetic data is. In autumn 2023, a hacker ...
4 months ago Packetstormsecurity.com
Hacker leaks millions of new 23andMe genetic data profiles - A hacker has leaked an additional 4.1 million stolen 23andMe genetic data profiles for people in Great Britain and Germany on a hacking forum. Earlier this month, a threat actor leaked the stolen data of 1 million Ashkenazi Jews who used 23andMe ...
7 months ago Bleepingcomputer.com
23andMe failed to detect mega-breach attackers for 5 months The Register - Biotech and DNA-collection biz 23andMe, the one that blamed its own customers for the October mega-breach, just admitted it failed to detect any malicious activity for the entire five months attackers were breaking into user accounts. In a collection ...
5 months ago Go.theregister.com
23andMe confirms nearly 7 million customers affected in data leak - Nearly 7 million 23andMe customers had their profile data leaked in a cybersecurity incident in October, a company spokesperson confirmed to SC Media on Monday. The vast majority of the leaked data was scraped from the site's DNA Relatives feature ...
6 months ago Packetstormsecurity.com
23andMe Faces Legal Backlash Over Data Breach and Blames Victims - Facing a deluge of more than 30 lawsuits from individuals impacted by a substantial data breach, genomics company 23andMe has taken a defensive stance by placing responsibility on the victims themselves. The breach came to light in October when ...
5 months ago Cysecurity.news
23andMe: It's YOUR Fault We Lost Your Data - DNA testing firm doubles down on blaming victims and sics lawyer on them. Millions of 23andMe users had their personal information stolen last year. Apparently, it's not the firm's responsibility-it's the users' own fault that a distant relative had ...
6 months ago Securityboulevard.com
23andMe says, er, actually some genetic and health data might have been accessed in recent breach - In October we reported that the data of as many as seven million 23andMe customers were for sale on criminal forums following a password attack against the genomics company. Now, a filing with the US Securities and Exchange Commission has provided ...
7 months ago Malwarebytes.com
23andMe Is On The Ventilator. Its CEO Remains 'Hopeful' - The Silicon Valley and Wall Street golden kid 23andMe was the DNA testing firm just three years ago. The company is currently in risk of being delisted from the Nasdaq. CEO of 23andMe Anne Wojcicki tells CNN that Wall Street shouldn't write her off ...
4 months ago Cysecurity.news
23andMe Says Hackers Saw Data From Millions of Users - Personal genetics firm 23andMe on Tuesday confirmed that hackers using stolen passwords accessed the personal information about 6.9 million of its members. While the hackers were only able to get into about 14,000 accounts, or 0.1 percent of its ...
6 months ago Securityweek.com
23andMe told victims of data breach that suing is futile, letter shows - Last year, hackers accessed 14,000 accounts on 23andMe by using passwords that had been previously breached during security incidents on other websites. By using this tactic, known as credential stuffing, hackers could access the personal data of ...
5 months ago Packetstormsecurity.com
23andMe Blames User "Negligence" for Data Breach - DNA testing firm 23andMe has argued the victims are responsible for the breach of highly sensitive genomics data on its systems last year. The DNA testing firm argued this allowed the attackers to launch a credential stuffing campaign using usernames ...
5 months ago Infosecurity-magazine.com
Infosec experts divided over 23andMe's breach blame game The Register - 23andMe users' godawful password practices were supposedly to blame for the biotech company's October data disaster, according to its legal reps. Nope, the biotech firm's infrastructure management was certainly not at fault in any way when 6.9 ...
6 months ago Go.theregister.com
23andMe: "Negligent" Users at Fault for Breach of 6.9M Records - Up against an onslaught of lawsuits, 23andMe is denying liability for millions of users' genetic records leaked last fall. In a letter sent to a group of users suing the company obtained by TechCrunch, lawyers representing the biotech company laid ...
5 months ago Darkreading.com
Bioinformatics: Revolutionizing Healthcare and Research - Bioinformatics plays a crucial role in decoding complex biological data to drive advancements in healthcare and research. In the realm of healthcare technology, bioinformatics is essential for personalized medicine, where treatments are tailored to ...
3 months ago Securityzap.com
23andMe updates user agreement to prevent data breach lawsuits - In October, a threat actor attempted to sell 23andMe customer data and, after failing to do so, leaked the data for 1 million Ashkenazi Jews and 4.1 million people living in the United Kingdom. 23andMe told BleepingComputer that the data was obtained ...
6 months ago Bleepingcomputer.com
23andMe: Data Breach Was a Credential-Stuffing Attack - DNA testing company 23andMe has released further details surrounding an October data breach, where user profile information had been accessed and downloaded at the hands of a threat actor. On Oct. 1, a threat actor made a post on the Dark Web ...
7 months ago Darkreading.com
How Can DSPM Prevent High-Profile Breaches? - In early October 2023, a DNA testing company for ancestry discovery purposes, 23andMe, disclosed that it suffered a data breach. On the 5th of December 2023, the company shared that the data breach was more damaging than was initially reported. On ...
6 months ago Gbhackers.com
23andMe responds to breach with new suit-limiting user terms The Register - Security in brief The saga of 23andMe's mega data breach has reached something of a conclusion, with the company saying its probe has determined millions of leaked records originated from illicit break-ins into just 14,000 accounts. In an update on ...
6 months ago Go.theregister.com
23andMe - 23andMe is a revolutionary service that analyzes your DNA and provides insights into your health, ancestry, and traits. This saliva-based DNA service offers personalized reports on your ancestry, family history, traits, and more. With one of the ...
6 months ago
Hacker Conversations: Chris Evans, Hacker and CISO - Chris Evans is CISO and chief hacking officer at HackerOne. SecurityWeek's Hacker Conversations series seeks to understand the mind and motivations of hackers by talking to hackers. Evans challenges the common perception of both hackers and their ...
3 days ago Securityweek.com
Tech Security Year in Review - In this Tech Security Year in Review for 2023, let's look into the top data breaches of the past year. Each factor contributes to the growing threatscape, demanding a proactive and adaptable cybersecurity approach to safeguard your organization ...
6 months ago Securityboulevard.com
Data De-Identification: Balancing Privacy, Efficacy & Cybersecurity - COMMENTARY. Global data privacy laws were created to address growing consumer concerns about individual privacy. These laws include several best practices for businesses about storing and using consumers' personal data so that the exposure of ...
7 months ago Darkreading.com
The 23andMe Data Breach Keeps Spiraling - More details are emerging about a data breach the genetic testing company 23andMe first reported in October. As the company shares more information, the situation is becoming even murkier and creating greater uncertainty for users attempting to ...
6 months ago Wired.com
DNA Security: Companies Must Meet Strict Penalties for Risking Users' Data - The pressing concern of companies ignoring DNA security DNA security is a concern that is often not talked about in the cybersecurity landscape. Personal information is what's buzzing these days. The latest 23andMe data breach serves as a sharp ...
6 months ago Cysecurity.news
Hacking Protected Java-Based Programs - This article provides examples of hacking techniques that can help Java developers avoid vulnerabilities in their programs. It is not intended to train hackers but rather for naive developers who think that standard obfuscators will save them from ...
6 months ago Feeds.dzone.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)