23andMe denies it was hacked after posts online claim data for millions of customers was for sale for thousands of dollars
- DNA testing firm 23andMe has denied it was hacked after postings online claimed sensitive data on millions of customers had been breached
- Users on a hacking forum claimed to be selling tons of user data, including ‘photos’ and ‘phenotype information’ for thousands of dollars’
- ‘We have not identified any unauthorized access to our systems. We will continue to monitor the situation,” the company said
<!–
<!–
<!– <!–
<!–
<!–
<!–
DNA testing firm 23andMe has denied it was hacked after postings online claimed sensitive data on millions of customers had been breached.
Users on a hacking forum claimed to be selling reams of user data, including ‘photos’ and ‘phenotype information’, for thousands of dollars.
23andMe said in a statement: ‘Following an allegation that someone has accessed and is selling certain 23andMe customer data, we have conducted an investigation. We have not identified any unauthorized access to our systems. We will continue to monitor the situation.’
Unauthorized access was gained to some accounts using ‘recycled’ login credentials – that is, username and password combinations that victims used on other previously breached websites.
“The preliminary results of this investigation indicate that the login credentials used in these access attempts may have been collected by a threat actor from data leaked during incidents involving other online platforms where users have recovered login credentials.
A post online purports to advertise sensitive 23andMe user data for thousands of dollars. The company has now denied it was breached, but said some accounts were accessed with ‘reclaimed’ credentials
DNA testing firm 23andMe has denied it was hacked after postings online claimed sensitive data on millions of customers had been breached
“We believe that the threat actor then, in violation of our Terms of Service, accessed 23andme.com accounts without authorization and obtained information from those accounts. We take this issue seriously and will continue our investigation to confirm these preliminary results.’
Some of the leaked data that appeared online may also have been obtained through the company’s DNA Family feature. Users can subscribe to the service, which compares their DNA with other users of the feature to show them people who are a genetic match.
Accounts obtained through the recovered credentials could then have been used to scrape more data available through the family functions.
Users were encouraged to ensure their account uses two-factor authentication, and to reset their password if they fear they may be at risk.
23andMe is a leader in the $3 billion genetic testing market. For prices up to $200, customers can take a test that reveals their background and can also identify gene variants linked to diseases such as Alzheimer’s and Parkinson’s.
23andMe is a leader in the $3 billion genetic testing market. For prices up to $200, customers can take a test that reveals their background and can also identify gene variants linked to diseases such as Alzheimer’s and Parkinson’s.