Gene testing company 23andMe 'hacked' with thousands of people exposed

Genetic testing company 23andMe admits hackers accessed data of more than 6.9 MILLION people – after claiming about 14,000 profiles had been breached

  • The California-based company admitted data on half of its users has been stolen
  • Digital spies used old passwords to break into files for 0.1 percent of users 
  • But these accounts were linked to millions more through ancestry settings  

Genetic testing firm 23andMe has admitted that hackers accessed sensitive data on 6.9 million people – or 50 percent of its users.

The mammoth breach is the result of digital spies using old passwords to break into files belonging to 0.1 percent of customers – some 14,000 profiles – which are linked to millions more through ancestry tracing. 

On Friday, 23andMe admitted in a Securities and Exchange Commission disclosure that overall, a ‘significant number’ of files ‘containing profile information about other users’ ancestry’ had been stolen. 

The California-based company, which is a market leader in the $17 billion genetic testing industry, later told TechCrunch that this amounted to around half of its 14 million users.

It highlights how the explosion in popularity of at-home DNA testing kits, which have led to hundreds of Americans uncovering shocking family secrets, could come with unexpected consequences.


23andMe said the breach affected 5.5 million people who had opted in to its DNA Relatives feature, which allows customers to automatically share some of their data with others. 

This included the person’s name, birth year, relationship labels, the percentage of DNA shared with relatives, ancestry reports and self-reported location.

A separate group of around 1.4 million people who opted into DNA Relatives also had their ‘Family Tree profile information accessed’, which displays similar information, 23andMe admitted. 

The mass leak came to light in early October when users on a hacking forum claimed to be selling troves of user data including ‘photographs’ and ‘phenotype information’ for thousands of dollars.

23andMe initially denied the claims, saying they had conducted an investigation and had not identified ‘any unauthorized access to our systems’. 

The San Francisco firm said it would ‘continue to monitor the situation’ – deploying third-party forensic experts and federal law enforcement officials to investigate. 

But the company doesn’t foresee a major financial fallout from the incident, saying it expects to lose between $1 million and $2 million in ‘onetime expenses related to the incident’.

Its stock also plunged five percent on Tuesday morning as news of the breach circulated online.

It required all customers to reset their passwords and encouraged them to start using multi-factor authentication.  

On October 20, it announced that it had ‘temporarily disabled some features within the DNA Relatives tool as an additional precaution to protect the privacy of our customers’. 


But the precautions came too late, and a hacker using the moniker ‘Golem’ published the genetic profiles on cybercrime marketplace BreachForums – targeting profiles with links to Israel and citing anger at the nation’s regime for the leak. 

The dataset included four million 23andMe customers who have ancestry in Great Britain, Golem claimed, saying the genetic profiles include ‘wealthy families serving Zionism’ and ‘the wealthiest people living in the US and Western Europe.’

‘There are samples from hundreds of families, including the royal family, Rothschilds, Rockefellers and more,’ the hacker added, referring to the wealthy European and American families, respectively.

It followed offers from the hacker to sell stolen DNA profiles, and a prior leak of millions of profiles of people with Jewish and Chinese ancestry. 

‘These breaches are getting more brazen and more worrisome,’ Dimitri Sirota, the CEO of data security firm BigID, told DailyMail.com.

‘They are targeting contextual identifiers like membership in an ethnic group. This could be used for targeted campaigns by ethnicity, race, gender, political affiliation or membership in another group,’ he added, saying it raised concerns about cyber breaches turning into ‘hate crimes’.

23andMe was co-founded in 2006 by its current CEO, Anne E Wojcicki, 50, who is the ex-wife of Google co-founder Sergey Brin, along with biologist Linda Avey, 63, and businessman Paul Cusenza, 63. 

Around two in 10 Americans have taken a mail-order ancestry test, according to data from survey site YouGov, while the global gene-testing market is now worth around $14 billion.

U.S. Rep Jason Crow, of Colorado, warned during the Aspen Security Forum in July 2022 that bio-weapons are being made that use a target’s DNA to kill only that person

The congressman said the development of the weapons was worrying given the popularity of DNA testing services like 23andMe

And experts say the trend is being driven by the availability of cheap and accurate tests, with the two major providers – 23andMe and AncestryDNA – offering them for just $99.

Last year, US Rep Jason Crow of Colorado warned Americans not to be so cavalier about sharing their DNA with private companies because of the coming of the new type of bio-weapon.

‘You can actually take someone’s DNA, take, you know, their medical profile and you can target a biological weapon that will kill that person or take them off the battlefield or make them inoperable,’ Crow said.

Crow, a former Army Ranger who served three tours of duty in Iraq and Afghanistan, continued: ‘People will very rapidly spit into a cup and send it to 23andMe and get really interesting data about their background.’ 

‘And guess what? Their DNA is now owned by a private company. It can be sold off with very little intellectual property protection or privacy protection and we don’t have legal and regulatory regimes to deal with that.’

‘We have to have an open and public discussion about… what the protection of healthcare information, DNA information, and your data look like because that data is actually going to be procured and collected by our adversaries for the development of these systems.’
