With the 23andMe data breach, a massive database containing the genetic data of nearly a million individuals with Ashkenazi Jewish ancestry has surfaced on the dark web. The data was allegedly obtained from 23andMe, a popular genetic testing service that millions of people around the world have used to uncover their ancestry and health insights.
Imagine the very essence of who you are, stored in strings of DNA, exposed to the prying eyes of hackers, and potentially falling into the wrong hands. This is the unsettling reality faced by users of the renowned genetic testing service 23andMe. The 23andMe data breach has raised concerns about data security and privacy in an age when personal genetic information is becoming increasingly accessible. Here are the details.
23andMe data breach: Even your DNA is safe
In the 23andMe data breach, a database containing the genetic information of nearly one million individuals with Ashkenazi Jewish ancestry was discovered on the dark web. This database, titled “Ashkenazi DNA Data of Celebrities,” included personal details such as names, genders, and ancestral origins. While the title suggested celebrity data, most individuals in the database were ordinary users. The breach raised concerns about potential misuse of genetic data.
It’s important to note that 23andMe did not classify the breach as a traditional hack. Instead, they believed that hackers exploited vulnerabilities resulting from compromised passwords obtained from other data breaches. These hackers gained unauthorized access to 23andMe accounts and scraped information from individuals with Ashkenazi Jewish ancestry.
Here’s a detailed breakdown of the 23andMe data breach:
Discovery of the database
23andMe data breach came to light when a database titled “Ashkenazi DNA Data of Celebrities” began circulating on dark web forums. The database claimed to contain the personal information of 999,999 individuals who had used the genetic testing service 23andMe.
Despite the database’s title suggesting that it contained data on celebrities, it was primarily comprised of ordinary individuals, not public figures.
Contents of the database
The database included the following information for each individual:
- First and last name
- Gender
- 23andMe’s evaluation of their ancestral origins
Verification
NBC News, upon discovering the database, independently verified the authenticity of the data by cross-referencing it with two 23andMe users whose information appeared in the 23andMe data breach.
23andMe’s response
23andMe initiated an investigation into the incident. The company, in an official statement, did not classify the breach as a traditional hack. Instead, it suggested that hackers had exploited vulnerabilities stemming from compromised passwords obtained from previous breaches on other websites.
23andMe believed that the hackers gained access to accounts using stolen login credentials and then exploited the fact that 23andMe offers users extensive access to each other’s genetic information.
Potential for unauthorized access
The 23andMe data breach reportedly occurred when hackers gained unauthorized access to 23andMe accounts and scraped the information of individuals with Ashkenazi Jewish ancestry.
The company believes that these hackers reused passwords from other compromised accounts, thereby gaining access to the 23andMe accounts.
Ongoing investigation
23andMe continued its investigation into the incident, aiming to confirm the initial findings and understand the full scope of the breach.
The 23andMe experience
For the uninitiated, 23andMe offers genetic testing by analyzing DNA samples provided by users. It then categorizes users into various human populations, providing insights into their genetic ancestry. The leaked list appears to be a random selection of users with Ashkenazi Jewish ancestry ranking among their top three ancestral origins.
One feature, DNA Relatives, allows users to search for genetic matches among other account holders, even those who are distantly related. This feature, though valuable for genealogical research and connecting with relatives, can also be misused when hackers gain unauthorized access.
What to do now?
In response to the 23andMe data breach, the firm emphasizes its commitment to security and privacy. The company is actively investigating the matter and has not found any evidence to suggest that the breach originated within its systems.
To safeguard your genetic data and personal information, here are some recommended steps:
- Use strong and unique passwords: Ensure your 23andMe account has a robust password that is difficult to guess and not reused on other platforms.
- Enable Multi-Factor A(MFA): Activate MFA for an additional layer of security, preventing unauthorized access even with compromised passwords.
- Regularly review privacy and security settings: Take the time to review and update your privacy and security preferences on your 23andMe account.
You can contact 23andMe’s customer service at [email protected] if you need assistance.
Latest cyber attacks
It’s crucial to remember that protecting your genetic privacy is a shared responsibility between users and service providers. While 23andMe remains committed to enhancing its security measures, users must also take steps to fortify their online defenses.
In conclusion, the recent 23andMe data breach serves as a stark reminder of the importance of maintaining strong cybersecurity practices in an age where personal genetic information is at risk. By following these recommendations and staying vigilant, users can better protect their genetic privacy and personal data in an increasingly digital world.
For more information, click here.
Featured image credit: 23andMe
