A Growing Concern for Genetic Testing Company
In a recent development that has raised concerns about the security of genetic data, a hacking forum called Hydra posted an advertisement from a hacker claiming to have access to 300 terabytes of stolen user data from 23andMe. The company has confirmed that it is investigating the incident but has declined to comment further on the matter.
Timeline of Events
The alleged breach was first reported last week when hackers advertised the stolen data on BreachForums, a popular hacking forum. However, TechCrunch has found evidence that the hacker had posted about the incident earlier on Hydra, dating back to August 11th. In this post, the hacker claimed to have contacted 23andMe but was met with indifference.
How Hackers Claimed to Have Obtained the Data
The hacker alleged that they obtained the data through credential stuffing, a common hacking technique where hackers try passwords for one service that have already been leaked or published online on another service. This implies that users may have reused their passwords across multiple services, making them vulnerable to this type of attack.
23andMe’s Response
In response to the alleged breach, 23andMe has prompted all users to reset and change their passwords, as well as encouraged them to turn on multi-factor authentication. However, it remains unclear how much legitimate data hackers actually possess.
Analysis of Allegedly Stolen Data
TechCrunch analyzed some of the allegedly stolen data by comparing it to known public genealogy records. The analysis found several dozen records in the allegedly stolen data that match the same user profile and genetic information found in public genealogy records. This suggests that the leaked data may be legitimate.
Criticism of 23andMe’s Handling of the Incident
Some experts have criticized 23andMe for its handling of the incident, suggesting that the company did not take the matter seriously when contacted by hackers.
Background on Credential Stuffing
Credential stuffing is a common hacking technique where hackers try passwords for one service that have already been leaked or published online on another service. This type of attack can be particularly effective if users reuse their passwords across multiple services.
The Role of DNA Relatives in the Alleged Breach
23andMe has an opt-in feature called DNA Relatives, which allows users to connect with relatives who are also part of the 23andMe community. Experts have suggested that this feature may have played a role in the alleged breach.
Implications for Genetic Data Security
The alleged breach highlights concerns about the security of genetic data and the potential risks associated with storing sensitive information online. As more companies collect and store large amounts of genetic data, it is essential to prioritize security measures to protect against such threats.
Related Developments
In related news, Toyota’s CES 2025 press conference highlighted the growing importance of innovation in the automotive industry, while Roborock’s Roomba competitor got a robot arm. These developments underscore the rapidly evolving landscape of consumer technology.
The Growing Concern for Genetic Testing Company
The alleged breach has raised concerns about the security of genetic data and highlights the need for companies to prioritize security measures to protect against such threats. As more companies collect and store large amounts of genetic data, it is essential to ensure that adequate safeguards are in place to prevent unauthorized access.
The Alleged Breach: A Timeline
- August 11th: Hacker posts about the incident on Hydra.
- Last week: Hackers advertise stolen data on BreachForums.
- Present day: 23andMe investigates the incident and prompts users to reset their passwords.
