23andMe’s Customer Genetic Profiles on Sale by Hacker

An unidentified cyber attacker is advertising the sale of “millions” of genetic profiles from compromised 23andMe customer accounts.

Quick Facts

  • 23andMe Breach: While the hacker claims to have acquired vast amounts of genetic profiles, 23andMe confirms that the actual breach occurred on individual customer accounts, not on their main database.
  • Data Types: The compromised profiles consist of email addresses, photographs, gender, birth dates, and DNA ancestry information. This data can potentially be used for targeting users based on ethnicity.
  • DNA Relatives Tool: The hacker purportedly created additional profiles using the 23andMe “DNA Relatives” tool, enabling users to connect with potential relatives by sharing similar DNA sequences.

The unsettling discovery of genetic profiles being up for sale from 23andMe customer accounts shines a light on the increasing vulnerability of personal information in the digital age. 23andMe, renowned for its genetics test kits that deliver ancestry and health reports from saliva samples, verified that the data for sale was genuine. Interestingly, the company revealed that there was no direct breach of their information systems. Instead, the hacker accessed individual accounts by re-utilizing login details obtained from other hacked service databases.

Further deepening the issue, the hacker leveraged 23andMe’s “DNA Relatives” feature. This function allows users to find and connect with potential family members based on shared DNA. The cybercriminal duplicated profiles by copying names of the 23andMe users’ connected relatives. Such an act not only increases the number of compromised accounts but also exacerbates the potential misuse of the information.

The genetic testing company, in response to these revelations, has prioritized its investigation into the matter. In a public statement, 23andMe emphasized their dedication to user data security and their ongoing efforts to validate and rectify the situation. The company’s commitment to its user base and data security will undoubtedly be tested in the wake of this breach.

For Further Reading
Genetic PrivacyGenetic privacy pertains to the concept of preserving and protecting an individual’s information derived from their DNA. As genetic testing becomes more mainstream, concerns arise over who can access this data and for what purposes. Such information, if mishandled, can be used for discrimination, identity theft, or even targeted advertising. [Wikipedia]


How did the hacker obtain the 23andMe data?

Instead of breaching 23andMe’s central system, the hacker accessed individual accounts using credentials from other compromised online services.

What type of data was compromised?

The exposed data includes email addresses, photos, gender, date of birth, and DNA ancestry information.

Has 23andMe taken steps to address the situation?

Yes, 23andMe has emphasized their dedication to investigating the matter and ensuring the security of user data.

Original article sourced from Yahoo Finance.