ADVERTISEMENT

Gene testing firm 23andMe confirms legitimacy of stolen data sold by hackers: Report  

October 09, 2023 02:10 pm | Updated 02:11 pm IST

U.S. genetics and genomics firm 23andMe said sensitive user data being sold by threat actors was legitimate and was stolen using a credential stuffing attack  

The Hindu Bureau

Threat actors leaked samples of data that were allegedly stolen from a genetics firm and were selling the data. | Photo Credit: Reuters

U.S.-based biotechnology and genomics firm has confirmed customers’ samples of saliva data is being sold by hackers. The genetic testing company receives samples from people who wish to know their ancestry and genetic predisposition.

The company attributes the stolen data to credential-stuffing attacks, a report Bleeping Computer said.

Threat actors leaked samples of data that were allegedly stolen from a genetics firm and were selling the data packs belonging to 23andMe customers. Threat actors claim to have access to bulk data that they are willing to sell for $1-$10 per 23andMe account, depending on how many were purchased, the report shared.

ALSO READ
Israel's tech sector could face disruptions after attacks, say investors

Breached information includes full names, usernames, profile photos, sex, data of birth, genetic ancestry results, and geographical locations.

Sign up for newsletters, unlock features and do more on The Hindu
LOG IN
Support our reporting.
SUBSCRIBE NOW

ADVERTISEMENT

(For top technology news of the day, subscribe to our tech newsletter Today’s Cache)

23andMe has attributed the data being sold to a credential stuffing attack. The company also said there is no indication of a data breach within its systems.

Credential stuffing is a cyberattack where cybercriminals make use of compromised credentials to gain unauthorsied access to protected accounts.

Initial investigations suggest that attackers made use of the “DNA Relatives” feature, which allows users to find genetic relatives and connect with them to scrape data of their DNA Relatives matches to launch the attack.

The attack highlights the threat arising from reusing passwords, which in case of leaks can be used to compromise multiple accounts across different platforms.

This is a Premium article available exclusively to our subscribers. To read 250+ such premium articles every month
unlock them all
SUBSCRIBE NOW
If you're already a subscriber
You have exhausted your free article limit.
Please support quality journalism.
SUBSCRIBE NOW
or read this article by Downloading The Hindu News app
If you're already a subscriber
You have exhausted your free article limit.
Please support quality journalism.
SUBSCRIBE NOW
or read this article by Downloading The Hindu News app
If you're already a subscriber
The Hindu operates by its editorial values to provide you quality journalism.
Support our reporting.
SUBSCRIBE NOW
This is your last free article.
to read unlimited content from The Hindu
SUBSCRIBE NOW
Get The Hindu News App on
Get The Hindu News App on

ADVERTISEMENT

ADVERTISEMENT

To enjoy additional benefits

Make most of your subscription

Crossword+

CONNECT WITH US