23andMe Data Leaked to the Darknet

10/10/2023 - Cybercrime, Darknet News

On the dark web, hackers are allegedly selling information about millions of 23andMe clients, including their names, photographs, birth dates, and ethnicity, for thousands of dollars.

According to 23andMe, there hasn’t been a breach of the company’s security systems, and the information appears to have been obtained via user credentials that were made public in earlier data breaches.

“Preliminary results of this investigation suggest that the login credentials used in these access attempts may have been gathered by a threat actor from data leaked during incidents involving other online platforms where users have recycled login credentials,” a company spokesperson told Insider. In other words, the hackers used a method called “credential stuffing”: trying username-password combinations compromised elsewhere against 23andMe accounts.

The company learned about the attack for the first time from a Reddit post that the community forum seems to have taken down. Since then, hackers have started selling the data on BreachForums, a marketplace for cybercrime.

Based on a repost of the ad on X, an anonymous seller claimed to have sold the data earlier this week on BreachForums. They claimed it contained “DNA profiles of millions, ranging from the world’s top business magnates to dynasties often whispered about in conspiracy theories,” and that each set of data also came with “corresponding email addresses.”

According to Wired, the sample data apparently includes entries for tech executives including Mark Zuckerberg, Sergey Brin, and Elon Musk; however, it is unknown whether the entries are accurate. Anne Wojcicki, the former wife of Sergey Brin and sister of former YouTube CEO Susan Wojcicki, is the company’s CEO.

The seller also offered profile bundles, with prices starting at $1,000 for 100 profiles and rising to $100,000 for 100,000 profiles, adding that for each bulk purchase of 10,000 profiles they would offer the flexibility of incremental payments.

Another BreachForums post that was also shared on X stated that “half of the 23andMe members” were included in the data. The company, which has 14 million members overall, has not yet confirmed how many user accounts have been stolen. It also stated that no raw genetic material was released.

According to the findings of its preliminary investigation, the company believes the hackers obtained access to a far smaller number of user accounts but were able to scrape the information of a number of additional 23andMe users through a feature called DNA Relatives. The feature enables users to connect with and view information about other individuals with whom they share a “recent ancestor,” defined on the company’s website as less than nine generations ago.
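The two stages described above (reused credentials opening a few accounts, then a relatives-sharing feature exposing many more profiles) can be traced from a defender's side with the added example below. It is not code from 23andMe or from this article; the log format, thresholds, usernames and sharing map are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data (documentation IP ranges, made-up usernames); not real logs.
AUTH_LOG = [("203.0.113.7", f"user{i}", "ok" if i in (3, 6) else "fail")
            for i in range(1, 9)]                      # one try each across 8 accounts
AUTH_LOG += [("198.51.100.20", "alice", "fail"),       # one user mistyping a password
             ("198.51.100.20", "alice", "fail"),
             ("198.51.100.20", "alice", "ok"),
             ("192.0.2.5", "bob", "ok")]

# Hypothetical relatives-sharing map: account -> profiles it can view.
RELATIVES = {"user3": {"rel1", "rel2", "rel3", "user6"},
             "user6": {"rel3", "rel4"},
             "alice": {"rel9"}}

def stuffing_sources(log, min_users=5, max_tries_per_user=2, max_success=0.3):
    """Sources that try many distinct usernames, about once each, and mostly fail.
    Thresholds are illustrative assumptions and need tuning per site."""
    users, tries, wins = defaultdict(set), defaultdict(int), defaultdict(int)
    for ip, user, outcome in log:
        users[ip].add(user)
        tries[ip] += 1
        wins[ip] += outcome == "ok"
    return {ip for ip in users
            if len(users[ip]) >= min_users
            and tries[ip] / len(users[ip]) <= max_tries_per_user
            and wins[ip] / tries[ip] <= max_success}

def compromised_accounts(log, sources):
    """Accounts with a successful login from a flagged source: reset these."""
    return {user for ip, user, outcome in log if ip in sources and outcome == "ok"}

def exposed_profiles(accounts, relatives):
    """Compromised accounts plus every profile visible through their sharing links."""
    exposed = set(accounts)
    for account in accounts:
        exposed |= relatives.get(account, set())
    return exposed

if __name__ == "__main__":
    sources = stuffing_sources(AUTH_LOG)
    accounts = compromised_accounts(AUTH_LOG, sources)
    print(sorted(sources), sorted(accounts), len(exposed_profiles(accounts, RELATIVES)))
```

In the constructed data, two successful logins expose six profiles, so incident scoping has to follow the sharing links and not stop at the list of accounts that were logged into.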

Additionally, 23andMe declined to say whether the hack targeted a certain ethnic group. A BreachForums post from earlier this week described the data sample as a “1 million Ashkenazi database,” although, according to the company, an individual might be categorized as an Ashkenazi Jew even with just 1% Jewish heritage. On its website, 23andMe also states that people with European or Ashkenazi ancestry are more likely to have many DNA Relatives matches than people with Asian or Middle Eastern ancestry. Additionally, “hundreds of thousands of users of Chinese descent” may be impacted by the leak, according to Wired.

Founded in 2006, 23andMe became known for its saliva tests that could check for inherited traits, heritage, and genetic predispositions. The company urges users to enable multi-factor authentication to thwart further attacks. The company shares anonymized user data with third parties with the consent of the users.