Last Friday, 23andMe brought to light that the account information of an undisclosed number of users was confiscated (23andMe)Thank you for reading this post, don't forget to subscribe!
Data from a prominent home DNA testing provider, which was filched, is now being advertised for sale on a website utilized by cyber culprits.
The biotech firm 23andMe disclosed on October 6 that data from an unspecified number of users was stolen. The disclosed confidential information encompassed complete appellation, picture, date of birth, genetic ancestry results, and geographical location.
Subsequently, a hacker uploaded the stolen 23andMe data on an online forum that is frequently visited by digital thieves, where it can be traded for $1-$10 (£0.82-£8.17), as reported by the cybersecurity news site Bleeping Computer. The information was being proposed in the range of Rs.
Wired, a technological publication, reported that initially, an exposed assortment of data linked to Ashkenazi Jews and individuals of Chinese heritage was distributed on the dubious website.
23andMe is a US-founded company that furnishes comprehensive knowledge about the ancestral background and genetic well-being of users based on saliva samples.
Commenting on the incident through a statement, the company declared that customer information was “collected” by gaining access to individual 23andMe.com accounts. It asserted that there is no substantiated indication of a breach occurring within its internal systems.
The statement further mentioned that hackers may have procured user passwords that were pilfered from other websites and reused them to infiltrate 23andMe accounts. This method, widely known as credential stuffing, exploits people who utilize the same credentials (such as username and password) across different platforms.
According to the National Cyber Security Centre of the UK government, due to the practice of recycling passwords, these types of cyber assaults can jeopardize other accounts and organizations.
23andMe is presently urging all users to adopt additional security measures to safeguard their accounts. They strongly advise customers with feeble or reused passwords to modify them. Moreover, they recommend that people activate two-factor authentication.
The company has commenced an internal inquiry into the breach and is also cooperating with third-party forensic experts and US legal authorities.