23andMe private user data is up for sale in the Dark Web

Tautalus

The 23andMe accounts of millions of people were compromised, according to claims on Dark Web forums. 23andMe claims that their database was not hacked per se, but that they accessed a large amount of internal information through an apparently basic technique of credential stuffing. In other words, they entered the database with the name and password obtained in other cyber attacks.
Millions of users whose login details were similar to those of other services were hacked. Among the data obtained are names, photographs, geolocation and information about "DNA Relatives", an optional service offered by the company to discover which other people you have some type of genetic connection with. The initial leak indicates that a database with "1 million lines of data on Ashkenazi individuals" - one of the main Jewish ethnic groups - was put up for sale. In addition, a database with information on 300,000 users of Chinese origin was put up for sale.

https://arstechnica.com/security/20...a-is-up-for-sale-after-online-scraping-spree/

https://blog.23andme.com/articles/addressing-data-security-concerns
 
That's not really a hack on 23andMe, because they used user logins to gain access to the data this user could see. The logins came from other real hacks or were acquired in another way unrelated to 23andMe.
Basically most of the data, if I understood it correctly, is half-public anyway.
 
They say that the “information obtained may have included users’ display name, profile photo, profile sex, birth year, location, predicted relationships to their match, the percent DNA match and number of shared genetic segments and portions of their genetic ancestry results, including haplogroups, which provide information about ancestry”.
This information is private data and the 23andMe users can only see it because of their genetic relationship with other users through the DNA Relatives tool.
Without a 23andMe user profile, a genetic relationship and an opt-in choice to discover their relatives there is no access to this information.
 
After the data breach the company's problems continue; it is on the verge of collapse. The company is facing significant financial difficulties, including potential delisting from the stock market, layoffs, and the resignation of most of its board of directors.
The question is, if the company is going out of business, what is going to happen with the genetic data from the millions of their customers?
If 23andMe is sold, the DNA data of its 15 million customers could be at risk. The company’s privacy policies allow for the sale of customer information in the event of a merger or acquisition.
There are concerns about how the new owners might use this genetic data; there is the possibility that this data will be misused, and the genetic privacy rights will not be respected.
If you are a customer, you may ask yourself whether you should delete your account and data.

 
23andMe filed for bankruptcy, the advice is to get your data out of there.
I went ahead and deleted my data from there. However, they still have certain information that they have on file and what do they do with the samples which they match to email address and I think date of birth, etc. One hopes the Courts direct them to destroy all samples of people who deleted their data.
 
This is awful!
 
They say they can’t delete all the information, that they are required by federal law to have a retention period for genetic tests. The minimum is two years, but it seems like 23andMe representatives are talking about 10 years. That retention period starts the moment the sample is analyzed in the lab. The only positive thing is that these retained test results are de-identified, they are anonymous.
 
Yes, thanks for restating that. If you did any surveys and participated in some of those, that data used in research can't be undone but they don't have any identifiers with the data.

Thanks, Cheers.
 