The renowned DNA testing service, 23andMe, is currently investigating claims of a data breach [2]. This breach has raised concerns about privacy violations [2], unauthorized research or third-party sales [2], and emotional distress caused by unexpected revelations [2].
Description
23andMe is investigating a data breach after customer data was allegedly offered for sale on a cybercrime forum. While the breach did not compromise the company’s internal systems, unauthorized access to customer profiles occurred due to the reuse of username-password combinations from unrelated breaches [2]. The breach was exacerbated by the company’s vulnerable “DNA Relatives” service, which facilitates connections between genetically related individuals [2]. Potentially exposed information includes user display names [2], birth year [2], profile photo [2] [4], gender [2] [4] [5], location [1] [2] [3] [4], relationship estimations [2], DNA match statistics [2], and more. The compromised data set [3], initially offered for sale and then expanded [2], includes tailored ethnic groupings [2], origin estimations [2], haplogroup details [2], phenotype information [2] [3] [4], photographs [2], links to potential relatives [2], and raw data profiles [2].
Conclusion
This breach has significant implications for privacy, as it raises concerns about unauthorized access to personal information and the potential for third-party sales. It also highlights the emotional distress that can be caused by unexpected revelations. 23andMe, a biotech company specializing in genetic testing, is currently conducting an investigation to determine the extent of the breach and address any vulnerabilities in their data protection practices. This incident serves as a reminder of the importance of robust security measures and the need for ongoing vigilance in safeguarding sensitive personal data.
References
[1] https://www.washingtonpost.com/technology/2023/10/06/23andme-hacked-data/
[2] https://www.bitdefender.com/blog/hotforsecurity/23andme-investigates-potential-massive-data-breach-amidst-cybercrime-claims/
[3] https://news.yahoo.com/23andme-user-data-breached-in-credential-stuffing-attack-231757254.html
[4] https://www.darkreading.com/attacks-breaches/23andme-cyberbreach-exposed-dna-data-family-ties
[5] https://www.nbcnews.com/news/us-news/23andme-user-data-targeting-ashkenazi-jews-leaked-online-rcna119324
