User data stolen from genetic testing giant 23andMe is now for sale on the dark web::User data from 23andMe accounts has been leaked and put up for sale on a dark web forum after what appeared to be a “credential stuffing” cyberattack.

  • AutoTL;DR@lemmings.worldB
    link
    fedilink
    English
    arrow-up
    8
    ·
    1 year ago

    This is the best summary I could come up with:


    Hackers claiming to have access to the names, photos, birth details, and ethnicities of potentially millions of 23andMe customers are peddling the information on the dark web for thousands of dollars.

    “The preliminary results of this investigation suggest that the login credentials used in these access attempts may have been gathered by a threat actor from data leaked during incidents involving other online platforms where users have recycled login credentials,” a spokesperson for the company told Insider.

    In other words, the hackers plugged in leaked username-password combinations into 23andMe accounts in a technique known as “credential stuffing.”

    One anonymous seller advertised the data on BreachForums earlier this week as containing “DNA profiles of millions, ranging from the world’s top business magnates to dynasties often whispered about in conspiracy theories,” and noted that each set of data also came with “corresponding email addresses,” based on a repost of the ad on X.

    Based on the results of its preliminary investigation, the company believes the hackers gained access to a much smaller number of user accounts, but managed to scrape the data of several other 23andMe users through a feature called DNA Relatives.

    There may also be “hundreds of thousands of users of Chinese descent” impacted by the leak," Wired reported.


    The original article contains 570 words, the summary contains 209 words. Saved 63%. I’m a bot and I’m open source!