What type of cyberattack is suspected in the 23andMe data breach?

The breach is suspected to be a credential-stuffing attack, where hackers reuse login credentials obtained from previous breaches to gain unauthorized access to 23andMe accounts.

What data could be compromised in the breach?

Compromised data could include sensitive information such as genetic testing results, photographs, names, and other personal details. However, the breach did not compromise raw genetic data.

Incident

Hackers are selling the data stolen from DNA testing Company 23andMe

Q: What is the 'DNA Relative' feature by 23andMe?

The 'DNA Relative' feature by 23andMe allows users to connect and share genetic information with potential relatives who have also opted into the service.

Q: Is there any attempt to sell 23andMe profiles?

Yes, a threat actor is currently advertising the sale of what they claim to be 23andMe profiles, offering data on hundreds of thousands of users. The data supposedly includes various details such as ethnic groupings, ancestry information, phenotype details, and links to potential relatives, among other data points.

published: Oct. 6, 2023

Learn More

Genetic testing company 23andMe acknowledged a data breach that resulted in unauthorized access to certain user accounts. The breach is under investigation, and while the full scope remains uncertain, it appears to have affected users utilizing 23andMe's "DNA Relative" feature. This feature allows users to connect and share genetic information with potential relatives who have also opted into the service.

The breach is suspected to be a credential-stuffing attack, a type of cyberattack where hackers utilize login credentials obtained from previous breaches and attempt to use them across various platforms. In this case, credentials leaked from other platforms were likely reused to gain unauthorized access to 23andMe accounts.

Compromised data could include sensitive information such as

genetic testing results,
photographs,
names,
other personal details

The breach did not compromise raw genetic data.

Users are being urged to reset their passwords and enable two-factor authentication to enhance the security of their accounts.

A threat actor is currently advertising the sale of what they claim to be 23andMe profiles, offering data on hundreds of thousands of users. The data supposedly includes various details such as ethnic groupings, ancestry information, phenotype details, and links to potential relatives, among other data points.

Update - as of 4th of December 2023, the company reports that due to the "threat actor" gaining access to the personal data of approximately 14,000 customers, the hackers were also able to infiltrate around 5.5 million DNA Relatives profiles and 1.4 million Family Tree profiles. The accessible information from these 6.9 million profiles include:

display names,
relationship labels,
the percentage of shared DNA with matches,
ancestry reports,
self-reported and birth locations,
birth years,
family names,
any additional details users might have included in the 'Introduce yourself' section of their DNA Relatives profiles.

The company has completed its investigation of the security breach and plans to inform the impacted customers.

Hackers are selling the data stolen from DNA testing Company 23andMe

Read More
Cancer center City of Hope reports data breach …
Albany Gastroenterology Associates reports data breach
Aspen Dental reports data breach after ransomware attack
Long Island Weight Loss Institute Reports Data Breach …
NYC Health + Hospitals Reports Data Breach Caused …