23andMe denies it has been hacked after posts online claimed data for millions of customers was on sale for thousands of dollars
- The DNA testing firm 23andMe has denied it was hacked after posts online claimed that sensitive data about millions of customers had been breached
- Users on a hacking forum claimed to be selling troves of user data including ‘photographs’ and ‘phenotype information’ for thousands of dollars’
- ‘We have not identified any unauthorized access to our systems. We will continue to monitor the situation,’ the company said
The DNA testing firm 23andMe has denied it was hacked after posts online claimed that sensitive data about millions of customers had been breached.
Users on a hacking forum claimed to be selling troves of user data including ‘photographs’ and ‘phenotype information’ for thousands of dollars.
23andMe said in a statement: ‘Following a claim that someone had gained access to and is selling certain 23andMe customer data, we conducted an investigation. We have not identified any unauthorized access to our systems. We will continue to monitor the situation.’
Unauthorized access was gained to some accounts by using ‘recycled’ login credentials – i.e., username and password combinations that victims had used on other websites which have previously been breached.
‘The preliminary results of this investigation suggest that the login credentials used in these access attempts may have been gathered by a threat actor from data leaked during incidents involving other online platforms where users have recycled login credentials.
A post online purports to advertise sensitive 23andMe user data for thousands of dollars. The company has now denied it was breached, but said some accounts were accessed using ‘recycled’ credentials
The DNA testing firm 23andMe has denied it was hacked after posts online claimed that sensitive data about millions of customers had been breached
‘We believe that the threat actor may have then, in violation of our terms of service, accessed 23andme.com accounts without authorization and obtained information from those accounts. We are taking this issue seriously and will continue our investigation to confirm these preliminary results.’
Some of the leaked data which has appeared online may also have been obtained through the company’s DNA relatives feature. Users can opt-in to the service, which compares their DNA with other users of the feature to show them people who are a genetic match.
Accounts accessed through the recycled credentials may then have been used to scrape more data that is available through the relatives features.
Users have been encouraged to ensure their account uses two-factor authentication, and to reset their password if they fear they could be at risk.
23andMe is a leader in the $3 billion genetic testing market. For prices up to $200, customers can take a test which reveals their background and can also identify gene variants linked to diseases like Alzheimer’s and Parkinson’s.
23andMe is a leader in the $3 billion genetic testing market. For prices up to $200, customers can take a test which reveals their background and can also identify gene variants linked to diseases like Alzheimer’s and Parkinson’s
Source: Read Full Article