23andMe admits that they have been hacked and the attacker made off with the personal ...

deltatux :donor: /

npub1g8r…ngjw

2023-12-05 02:17:36

23andMe admits that they have been hacked and the attacker made off with the personal data of 6.9 million people. The service confirms that the initial attack vector was through a credential stuffing attack that affected 14,000 accounts but the "DNA relatives" feature was able to amplify the data breach to millions of users.

The company claims that "we still do not have any indication that there has been a data security incident within our systems, or that 23andMe was the source of the account credentials used in these attacks." However, it should be noted that most of the users affected by this breach was due to lack of security controls around 23andMe's opt-in DNA Relatives feature to limit potential impacts of a data breach.

Again, if you wish to partake in these services, one should really look into how much information you're giving up and how these companies are safeguarding sensitive information like this. While you can change a password, good luck trying to change your genetic information & any other information associated with it.

www.theverge.com/2023/12/4/23988050/23andme-hackers-accessed-user-data-confirmed

#infosec #cybersecurity #databreach #23andMe #PII #PHI #Genealogy

Author Public Key

npub1g8rmsdslpcemhyvnqv624hsc2jm0tfzr2anm674zrksszw3atvzsw9ngjw

Show more details

Published at

2023-12-05 02:17:36

Kind type

1 Short Text Note

Event JSON

{ "id": "ef968a0c333931efd95ddbee1328d91a24e63b85e86002c43da72271c860cd25", "pubkey": "41c7b8361f0e33bb91930334aade1854b6f5a4435767bd7aa21da1013a3d5b05", "created_at": 1701742656, "kind": 1, "tags": [ [ "t", "infosec" ], [ "t", "cybersecurity" ], [ "t", "databreach" ], [ "t", "23andme" ], [ "t", "pii" ], [ "t", "phi" ], [ "t", "genealogy" ], [ "proxy", "https://infosec.town/notes/9mv9yasvqq3p7oen", "activitypub" ] ], "content": "23andMe admits that they have been hacked and the attacker made off with the personal data of 6.9 million people. The service confirms that the initial attack vector was through a credential stuffing attack that affected 14,000 accounts but the \"DNA relatives\" feature was able to amplify the data breach to millions of users.\n\nThe company claims that \"we still do not have any indication that there has been a data security incident within our systems, or that 23andMe was the source of the account credentials used in these attacks.\" However, it should be noted that most of the users affected by this breach was due to lack of security controls around 23andMe's opt-in DNA Relatives feature to limit potential impacts of a data breach.\n\nAgain, if you wish to partake in these services, one should really look into how much information you're giving up and how these companies are safeguarding sensitive information like this. While you can change a password, good luck trying to change your genetic information \u0026 any other information associated with it.\n\nwww.theverge.com/2023/12/4/23988050/23andme-hackers-accessed-user-data-confirmed\n\n#infosec #cybersecurity #databreach #23andMe #PII #PHI #Genealogy", "sig": "75e58dd7473733ba8a044a68a73623c9da5c54ab4c56ece9f0c2ab166aa52ed4b2e921260d0288a0fc8942821d29f2409edf7020139ae9951e4d8ad65b92f41d" }