Date: 2023-10-23

Biometric data is highly sensitive, and a genetic analysis company like 23andMe is a very attractive target. What was feared has happened: the company has confirmed that some of its customers' personal data is circulating on Dark Web forums following a credential stuffing attack.

23andMe points out that its database has not been hacked per se, but the attackers have accessed a large amount of internal data. How? As described by Bleeping Computer, through a seemingly basic technique: credential stuffing. That is, gaining access by entering usernames and passwords obtained in other cyberattacks.

The accounts of about 7 million people have been compromised, according to claims made on the Dark Web forums: millions of users whose login details were similar to those they used on other services that have been hacked. Among the data obtained are names, photos, geolocation and information about 'DNA Relatives', an optional service offered by the company that shows which other people you share some type of genetic link with.

The initial leak indicates that a database with "1 million lines of data from Ashkenazi people" was put up for sale. The Ashkenazi are one of the main Jewish ethnic groups. Additionally, a database with information on 300,000 users of Chinese origin has been put on sale.

These databases have been put up for sale with prices ranging from one dollar to 10 dollars per profile.

According to those who have put the data up for sale, the information obtained includes the genotype of the patients, from which the probability of users suffering from different diseases could be determined. This is very sensitive information, and potentially of interest to insurers.

However, according to 23andMe, although there is genetic information from the DNA profiles, at no time has direct genetic data from the users' DNA been leaked.

The company is still analyzing the situation and studying how to proceed. They maintain that they comply with the highest privacy standards and have three different ISO certifications. We strongly recommend that all users modify their password, ensuring that it is unique for this service.

Image | Micah Baldwin

