Gene testing firm 23andMe confirms legitimacy of stolen data sold by hackers: Report  

U.S. genetics and genomics firm 23andMe said sensitive user data being sold by threat actors was legitimate and was stolen using a credential stuffing attack  

October 09, 2023 02:10 pm | Updated 02:11 pm IST

The Hindu Bureau

Threat actors leaked samples of data that were allegedly stolen from a genetics firm and were selling the data. | Photo Credit: Reuters

U.S.-based biotechnology and genomics firm 23andMe has confirmed that samples of customers' saliva data are being sold by hackers. The genetic testing company receives samples from people who wish to know their ancestry and genetic predisposition.

The company attributes the stolen data to credential-stuffing attacks, a report from Bleeping Computer said.

Threat actors leaked samples of data that were allegedly stolen from a genetics firm and were selling the data packs belonging to 23andMe customers. Threat actors claim to have access to bulk data that they are willing to sell for $1-$10 per 23andMe account, depending on how many were purchased, the report shared.

Breached information includes full names, usernames, profile photos, sex, date of birth, genetic ancestry results, and geographical locations.

23andMe has attributed the data being sold to a credential stuffing attack. The company also said there is no indication of a data breach within its systems.

Credential stuffing is a cyberattack where cybercriminals make use of compromised credentials to gain unauthorised access to protected accounts.

Initial investigations suggest that attackers made use of the “DNA Relatives” feature, which allows users to find genetic relatives and connect with them, to scrape data of their DNA Relatives matches to launch the attack.

The attack highlights the threat arising from reusing passwords, which, in case of leaks, can be used to compromise multiple accounts across different platforms.

