San Francisco, Oct 8 (SocialNews.XYZ) US-based biotech company 23andMe, known for its DNA testing kits, has confirmed that its user data is circulating on hacker forums, attributing the leak to a credential-stuffing attack.
According to BleepingComputer, a hacker recently leaked samples of data that was stolen from a genetics firm and, after a few days, offered to sell data packs belonging to 23andMe customers.
A credential-stuffing attack involves obtaining previously compromised user information (for example, usernames and passwords) from one organisation and attempting to reuse it with a second organisation.
According to the report, the threat actor released 1 million lines of data for Ashkenazi people in the initial data leak. However, on October 4, the hacker offered to sell data profiles in bulk for $1-$10 per 23andMe account, depending on the number of accounts purchased.
"We were made aware that certain 23andMe customer profile information was compiled through access to individual 23andMe.com accounts. We do not have any indication at this time that there has been a data security incident within our systems," a 23andMe spokesperson was quoted as saying.
"Rather, the preliminary results of this investigation suggest that the login credentials used in these access attempts may have been gathered by a threat actor from data leaked during incidents involving other online platforms where users have recycled login credentials," it added.
This incident exposed full names, usernames, profile photos, sex, date of birth, genetic ancestry results, and geographical location, the report said.
The accounts that were compromised had opted into the platform's 'DNA Relatives' feature, which allows users to find and connect with genetic relatives.
As the platform offers multi-factor authentication (MFA)as an additional account protection measure, the company encouraged all users to enable it.
"Please be sure to enable multi-factor authentication on your 23andMe account," the company said.
Source: IANS
Gopi Adusumilli is a Programmer. He is the editor of SocialNews.XYZ and President of AGK Fire Inc.
He enjoys designing websites, developing mobile applications and publishing news articles on current events from various authenticated news sources.
When it comes to writing he likes to write about current world politics and Indian Movies. His future plans include developing SocialNews.XYZ into a News website that has no bias or judgment towards any.
He can be reached at gopi@socialnews.xyz
This website uses cookies.