Published On: Sun, Oct 22nd, 2023

Massive Data Breach: Hacker Leaks Millions Of New 23andMe User Records

Massive Data Breach: Hacker Leaks Millions Of New 23andMe User Records
Massive Data Breach: Hacker Leaks Millions Of New 23andMe User Records

In a startling turn of events, the same hacker responsible for the recent data breach at the genetic testing giant, 23andMe, has struck again, unleashing a fresh torrent of stolen user data.

On Tuesday, an enigmatic hacker known as Golem released an extensive dataset containing the personal records of approximately four million 23andMe users. This cache of stolen data made its ominous debut on the notorious cybercrime forum, BreachForums. Shockingly, TechCrunch’s investigation revealed that some of this newly disclosed information corresponded to known 23andMe user profiles and genetic data already in the public domain.

Golem, the audacious hacker behind this breach, boldly claimed that the dataset encompassed details of individuals hailing from Great Britain, including data pertaining to “the wealthiest people living in the U.S. and Western Europe.”

In response to this security crisis, Andy Kill, a spokesperson for 23andMe, issued a statement asserting the company’s awareness of the latest data leak. He conveyed that they were diligently scrutinizing the data to ascertain its authenticity.

This breach saga began on October 6 when 23andMe publicly acknowledged the initial hack. The company revealed that the hackers had exploited a technique known as “credential stuffing.” This method involves the trial-and-error use of combinations of publicly available usernames or emails along with their corresponding passwords, often gleaned from previous data breaches.

As a precautionary measure, 23andMe urged its users to reset their passwords and activate multi-factor authentication. The company also initiated a comprehensive investigation into the breach, enlisting the assistance of third-party forensic experts. In a somewhat contentious move, 23andMe attributed the breach partly to its users’ habit of reusing passwords. They also singled out an opt-in feature called “DNA Relatives,” which permits users to access the genetic data of other individuals who have opted in and share genetic similarities. This feature potentially allowed hackers to access data from multiple users by breaching a single account.

Numerous questions surrounding the breach remain unanswered. It remains uncertain whether the hackers exclusively employed credential stuffing or if other methods were utilized in the data theft. The extent of the stolen user data also remains unclear, as well as the motives behind this audacious act.

Remarkably, this incident appears to have unfolded several months ago. On August 11, another hacker operating on a cybercrime forum named Hydra advertised a colossal trove of 23andMe user data. Intriguingly, this dataset exhibited overlaps with the user records leaked just two weeks ago, according to TechCrunch’s investigative analysis.

Notably, the hacker on Hydra claimed to possess a staggering 300 terabytes of 23andMe user data. However, no substantiating evidence accompanied this audacious assertion.

As the dust continues to settle, it is abundantly clear that the true scale of this data breach remains shrouded in uncertainty. Even 23andMe itself is grappling with the challenge of ascertaining the precise extent of data that has been compromised.

Please follow and like us:

🤞 Don’t miss latest news!

Most Popular News