Security Breach Alert: 23andMe Faces Cyberattack, Exposing Ancestry and Health Data
In a recent disclosure, genetic testing giant 23andMe has fallen victim to a cyberattack resulting in the compromise of approximately 14,000 customer accounts. The incident, initially reported in October, has now been further investigated, with the company revealing the extent of the breach in a recent filing with the US Securities and Exchange Commission.
Scope of the Breach
The breach affected a minute fraction, 0.1%, of 23andMe’s vast customer base, translating to around 14,000 individuals out of the company’s reported “more than 14 million customers worldwide.”
Stolen Data Details
The accessed accounts provided the hackers with a gateway to a significant number of files containing profile information linked to users’ chosen ancestry details shared through 23andMe’s DNA Relatives feature. Although the company refrained from specifying the quantity of files compromised or the exact number of impacted users, it did admit that a subset of these accounts included health-related information based on the users’ genetic data.
Exploitation of DNA Relatives Feature
Compounding the severity of the breach, hackers exploited the DNA Relatives feature, an opt-in service where users share genetic information with others. This means that by infiltrating one victim’s account, the attackers gained access not only to that individual’s data but also to the personal information of those connected through the DNA Relatives feature.
Methodology: Credential Stuffing
The initial breach, identified in October, was executed through a common cybercriminal technique known as “credential stuffing.” This method involves hackers utilizing a known password, often obtained from previous data breaches on other services, to gain unauthorized access to a victim’s account.
Mitigating Future Risks
While the company has taken steps to investigate and address the breach, it serves as a stark reminder of the evolving threats in the digital landscape. 23andMe encourages users to remain vigilant about their online security, including the use of unique and strong passwords.
Conclusion: A Call to Cyber Vigilance
As the digital realm continues to grapple with evolving cyber threats, it is imperative for individuals and organizations alike to prioritize robust cybersecurity measures. The breach at 23andMe underscores the critical importance of safeguarding sensitive genetic and personal data in an era where cyber adversaries are relentless.
The post Breaking: 23andMe Cyberattack Exposes Ancestry and Health Data of 14,000 Users – What You Need to Know! first appeared on Pagal Code.
