23andMe Investigates Security Incident as Alleged Stolen User Data Surfaces Online

Genetic testing company 23andMe is investigating a security incident after hackers advertised a collection of allegedly stolen user data on a hacking forum. It has since emerged that the data may have been circulating for longer than initially believed. TechCrunch has found that some of the advertised data matches known 23andMe user information.

Last week, a hacker on a cybercrime forum known as Hydra advertised a trove of 23andMe user data that overlaps with data leaked on another hacking forum, BreachForums. In an earlier post on Hydra, the hacker claimed to possess 300 terabytes of stolen 23andMe user data and accused 23andMe of not taking the matter seriously when it was alerted. The hacker demanded $50 million for the full dataset and offered to sell portions of it for smaller sums.

However, it seems that someone had seen the initial Hydra post and alerted the community by posting it on the unofficial 23andMe subreddit on Reddit. The hacker had shared the alleged genetic data of a high-ranking Silicon Valley executive, which exhibited similarities to the datasets highlighted on BreachForums. These datasets purportedly contained the profiles of one million 23andMe users of Jewish Ashkenazi descent and Chinese users.

23andMe has consistently declined to confirm the veracity of the leaked data and has remained tight-lipped about its knowledge of the hacking forum post from two months ago.

TechCrunch has analyzed a portion of the allegedly stolen data by cross-referencing it with publicly available genealogy records and found several records in the stolen data that match the user profiles and genetic information in those public records. This is consistent with 23andMe's suggestion that the data was obtained through credential stuffing, in which attackers log into accounts using passwords that were previously leaked or published online and reused by the account owners.

In essence, 23andMe is attributing the leak to users reusing passwords and emphasizing that hackers gained access to accounts and harvested data, including information about the victims' relatives. The company has also pointed out that a feature called DNA Relatives, which users can opt into, may have played a role in the hackers amassing such a large amount of data.
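The two paragraphs above describe the attack pattern 23andMe is pointing to: reused passwords let an attacker log in as many different users from a small number of sources, and an opt-in relative-matching feature then lets each compromised account expose data about other people. From a defender's side the first half of that pattern has a recognisable shape in authentication logs, namely one source address trying many distinct usernames in a short window with a high failure rate, punctuated by a few successes. The following is an added illustration, not code from 23andMe or TechCrunch; the log format, field names, thresholds and sample lines are all constructed assumptions.

```python
"""Heuristic credential-stuffing detector over authentication logs.

Constructed example: the log line format (ts ip= user= result=), the
threshold values and the sample events below are assumptions, not data
from any real system.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed log line shape, e.g.
#   2023-10-01T12:00:01Z ip=203.0.113.7 user=alice@example.com result=FAIL
LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)

# Constructed sample log: one source sprays eight distinct accounts in a few
# seconds (two succeed), while a legitimate user mistypes a password twice.
SAMPLE_LOG = """\
2023-10-01T12:00:01Z ip=203.0.113.7 user=alice@example.com result=FAIL
2023-10-01T12:00:02Z ip=203.0.113.7 user=bob@example.com result=FAIL
2023-10-01T12:00:03Z ip=203.0.113.7 user=carol@example.com result=OK
2023-10-01T12:00:04Z ip=203.0.113.7 user=dave@example.com result=FAIL
2023-10-01T12:00:05Z ip=203.0.113.7 user=erin@example.com result=FAIL
2023-10-01T12:00:06Z ip=203.0.113.7 user=frank@example.com result=OK
2023-10-01T12:00:07Z ip=203.0.113.7 user=grace@example.com result=FAIL
2023-10-01T12:00:08Z ip=203.0.113.7 user=heidi@example.com result=FAIL
2023-10-01T12:05:00Z ip=198.51.100.3 user=alice@example.com result=FAIL
2023-10-01T12:05:20Z ip=198.51.100.3 user=alice@example.com result=FAIL
2023-10-01T12:05:40Z ip=198.51.100.3 user=alice@example.com result=OK
"""


@dataclass
class Finding:
    ip: str
    distinct_users: int
    attempts: int
    fail_ratio: float
    compromised_users: list  # accounts that logged in OK inside the burst


def parse_line(line):
    """Parse one log line into a dict, or return None for unrecognised lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"].replace("Z", "+00:00")),
        "ip": m["ip"],
        "user": m["user"],
        "ok": m["result"] == "OK",
    }


def detect_stuffing(lines, window=timedelta(minutes=10),
                    min_users=5, min_fail_ratio=0.7):
    """Flag source IPs that hit many distinct accounts with mostly failures.

    A sliding window per IP is used so that a slow, long-lived session with
    occasional typos is not confused with a burst of spray attempts.
    """
    events = [e for e in map(parse_line, lines) if e]
    by_ip = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_ip[e["ip"]].append(e)

    findings = []
    for ip, evs in by_ip.items():
        best = None
        j = 0
        for i in range(len(evs)):
            # Two-pointer window: evs[i:j] are all within `window` of evs[i].
            while j < len(evs) and evs[j]["ts"] - evs[i]["ts"] <= window:
                j += 1
            win = evs[i:j]
            users = {e["user"] for e in win}
            fails = sum(not e["ok"] for e in win)
            ratio = fails / len(win)
            if len(users) >= min_users and ratio >= min_fail_ratio:
                if best is None or len(users) > best.distinct_users:
                    best = Finding(
                        ip=ip,
                        distinct_users=len(users),
                        attempts=len(win),
                        fail_ratio=ratio,
                        compromised_users=sorted(e["user"] for e in win if e["ok"]),
                    )
        if best:
            findings.append(best)
    return findings


if __name__ == "__main__":
    for f in detect_stuffing(SAMPLE_LOG.splitlines()):
        print(f"{f.ip}: {f.distinct_users} accounts, {f.attempts} attempts, "
              f"fail ratio {f.fail_ratio:.2f}, successes: {f.compromised_users}")
```

The successes inside a flagged burst are the accounts worth forcing a password reset and session revocation on, which is the response 23andMe describes further down. The thresholds are deliberately loose placeholders; real deployments tune them per login endpoint and usually add a second signal for the amplification half of the story, such as an unusual volume of relative-profile views from a single session after login.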

It is still uncertain whether all the advertised data is genuine or how much legitimate data the hackers actually possess. Hackers often exaggerate the amount of data they have to increase its value on hacking forums.

Meanwhile, as a precautionary measure, 23andMe has prompted all users to reset their passwords and enable multi-factor authentication. TechCrunch spoke to two users, one who received a password reset email and one who did not; the latter was nonetheless required to change their password on logging into their 23andMe account.