Jonathan Greig writes by way of The Report: Genetic testing large 23andMe confirmed {that a} knowledge scraping incident resulted in hackers getting access to delicate consumer info and promoting it on the darkish net. The knowledge of almost 7 million 23andMe customers was provided on the market on a cybercriminal discussion board this week. The knowledge included origin estimation, phenotype, well being info, images, identification knowledge and extra. 23andMe processes saliva samples submitted by prospects to find out their ancestry.
When requested concerning the submit, the corporate initially denied that the knowledge was reliable, calling it a “deceptive declare” in an announcement to Recorded Future Information. The corporate later stated it was conscious that sure 23andMe buyer profile info was compiled by unauthorized entry to particular person accounts that have been signed up for the DNA Relative function — which permits customers to decide in for the corporate to point out them potential matches for relations. […] When pressed on how compromising a handful of consumer accounts would give somebody entry to tens of millions of customers, the spokesperson stated the corporate doesn’t imagine the menace actor had entry to the entire accounts however reasonably gained unauthorized entry to a a lot smaller variety of 23andMe accounts and scraped knowledge from their DNA Relative matches.
A researcher approached Recorded Future Information after inspecting the leaked database and located that a lot of it seemed actual. […] The researcher downloaded two recordsdata from the BreachForums submit and located that one had info on 1 million 23andMe customers of Ashkenazi heritage. The opposite file included knowledge on greater than 300,000 customers of Chinese language heritage. The information included profile and account ID numbers, names, gender, delivery yr, maternal and paternal genetic markers, ancestral heritage outcomes, and knowledge on whether or not or not every consumer has opted into 23andme’s well being knowledge. The researcher added that he found one other challenge the place somebody may enter a 23andme profile ID, like those included within the leaked knowledge set, into their URL and see somebody’s profile. The information out there by this solely consists of profile images, names, delivery years and placement however doesn’t embody take a look at outcomes.
