New Data Leak Raises Concerns Over User Privacy and Security
In a concerning turn of events, the hacker who previously leaked user data from genetic testing company 23andMe has struck again, releasing millions of additional user records. The newly leaked data, published by a hacker known as Golem on the cybercrime forum BreachForums, contains information on four million users, including individuals from Great Britain and wealthy individuals residing in the United States and Western Europe.
Key Takeaway
A hacker known as Golem has leaked millions of new user records from 23andMe, a popular genetic testing company. The leaked data includes information on four million users, raising concerns over privacy and security.
The leaked data has raised alarm bells as it matches known and public 23andMe user and genetic information, indicating its authenticity. 23andMe, while acknowledging the new leak, is currently investigating the data to establish its legitimacy. The company had previously announced a data breach on October 6, attributing the hack to credential stuffing, a method used by hackers to gain unauthorized access using leaked credentials from previous breaches.
In response to the breach, 23andMe has urged its users to change their passwords and enable multi-factor authentication to mitigate further risks. The company is working with third-party forensic experts to conduct a thorough investigation into the incident. They have also attributed the breach to customer password reuse and a feature called DNA Relatives, which allows users to view the data of other opted-in users with matching genetic information. This feature potentially enabled hackers to access multiple users’ data through a single compromised account.
Despite these measures, several crucial questions remain unanswered. It is uncertain whether the hackers exclusively used credential stuffing or employed alternative methods to obtain the data. The full extent of the stolen data and the intentions of the hackers also remain unknown.
Further analysis of the incident indicates that the breach likely occurred several months ago, as a hacker on the cybercrime forum Hydra advertised a set of 23andMe user data on August 11. The integrity of this claim has not been verified, but the data advertised on Hydra matched some of the user records leaked two weeks ago.
As the investigation unfolds, it is evident that the scope and implications of this data leak are far from clear. The lack of clarity surrounding the amount of data stolen leaves users and the company at risk. 23andMe must act swiftly to address the concerns of its users and enhance its security measures to ensure the protection of sensitive genetic data.
