DNA testing service 23andMe investigating theft of user data CyberScoop

p
By
AJ Vicens
pp

October 5 2023

ppThe DNA testing company 23andMe is investigating whether a large trove of customer data was stolen from the company after information about the firms clients was offered for sale on a cybercrime forum earlier this week ppOn Sunday a post on a popular forum where stolen data is traded and sold claimed to have the most valuable data youll ever see and posted a link to a sample of what was described as 20 million pieces of data from 23andMe ppIn a statement to CyberScoop on Thursday 23andMe said it was made aware that certain 23andMe customer profile information was compiled through unauthorized access to individual 23andMecom accounts but that there is no indication at this time that there has been a data security incident within our systemsppThe company said its preliminary investigation indicated that an attacker may have compiled login credentials leaked from other platforms and then recycled these credentials to access the accounts of 23andMe customers who had used the same username and password combination ppFor accounts that had opted in to 23andMes DNA Relatives service which allows users to find and connect with genetic relatives and learn more about your family the attacker was able to scrape data associated with potential relatives company officials told CyberScoopppThe officials said the information obtained may have included users display name profile photo profile sex birth year location predicted relationships to their match the percent DNA match and number of shared genetic segments and portions of their genetic ancestry results including haplogroups which provide information about ancestry ppThe exact scope of the data obtained by the attacker remains unclear and CyberScoop has not been able to verify the authenticity of the data offered for sale ppAfter the data was first offered for sale on Sunday the listing was pulled down The poster reemerged on Wednesday offering what they described as data on tailored ethnic groupings individualized data sets pinpointed origin estimations haplogroup details phenotype information photographs links to hundreds of potential relatives and most crucially raw data profilesppThe seller offered the data in 100 1000 10000 and 100000profile batches The seller claimed in a message to CyberScoop that they had 13 million profiles but did not respond to questions about when or how the data was accessed or whether theyd been in touch with 23andMep