23andMe private user data is up for sale in the Dark Web

Tautalus

Regular Member
Messages
360
Reaction score
714
Points
93
Ethnic group
Portuguese
Y-DNA haplogroup
I2-M223 / I-FTB15368
mtDNA haplogroup
H6a1b2
The 23andMe accounts of millions of peoples were compromised, according to claims on Dark Web forums. 23andMe claims that their database was not hacked per se, but that they accessed a large amount of internal information through an apparently basic technique of credential stuffing. In other words, they entered the database with the name and password obtained in other cyber attacks.
Millions of users whose login details were similar to those of other services were hacked. Among the data obtained are names, photographs, geolocation and information about "DNA Relatives", an optional service offered by the company to discover which other people you have some type of genetic connection with. The initial leak indicates that a database with "1 million lines of data on Ashkenazi individuals" - one of the main Jewish ethnic groups - was put up for sale. In addition, a database with information on 300,000 users of Chinese origin was put up for sale.

https://arstechnica.com/security/20...a-is-up-for-sale-after-online-scraping-spree/

https://blog.23andme.com/articles/addressing-data-security-concerns
 
That's not really a hack on 23andMe, because they used user logins to gain access to the data this user could see. The logins came from other real hacks or were acquired in another way unrelated to 23andMe.
Basically most of the data, if I understood it correctly, is half-public anyway.
 
They say that the “information obtained may have included users’ display name, profile photo, profile sex, birth year, location, predicted relationships to their match, the percent DNA match and number of shared genetic segments and portions of their genetic ancestry results, including haplogroups, which provide information about ancestry”.
This information is private data and the 23andMe users can only see it because of their genetic relationship with other users through the DNA Relatives tool.
Without a 23andMe user profile, a genetic relationship and an opt-in choice to discover their relatives there is no access to this information.​
 
After the data breach the company's problems continue, it is on the verge of collapse. The company is facing significant financial difficulties, including potential delisting from the stock market, layoffs, and the resignation of most of its board of directors.
The question is if the company is going out of business, what is going to happen withs the genetic data from the millions of their customers ?
If 23andMe is sold, the DNA data of its 15 million customers could be at risk. The company’s privacy policies allow for the sale of customer information in the event of a merger or acquisition.
There are concerns about how the new owners might use this genetic data, there is the possibility that this data will be misused, and the genetic privacy rights will not be respected.
If you are a customer, you may ask yourself whether you should delete your account and data.​

 
Back
Top