23andMe Customers’ Genetic Profiles Put Up for Sale by Hacker

BOOTLEG DNA

The company confirmed that the data available for sale online was genuine.

A company representative shows off what is in a DNA kit at the 23andMe booth at the RootsTech annual genealogical event in Salt Lake City, Utah. (Reuters)

The genetic profiles of potentially millions of 23andMe users have been put up for sale on a hacker forum by a seller who claimed the data could be used to target Ashkenazi Jews and those of Chinese descent.

The company, which specializes in preparing ancestry reports for users who send in a saliva sample, confirmed that the data available for sale online was genuine, but said the leak was not the result of a breach in its systems.

Rather, users’ individual accounts were compromised using login credentials that had been exposed in data leaks from other sites. “We are taking this issue seriously and will continue our investigation to confirm these preliminary results,” 23andMe told Bloomberg in a statement.

The anonymous seller began selling profiles for between $1 and $10 earlier this week, according to Wired, which notes that the hacker also claims to be offering the data of “celebrities” including Elon Musk, Sergey Brin, and Mark Zuckerberg.

The culprits apparently used a technique known as “credential stuffing” to gather the data: login details exposed in earlier data breaches are tried against accounts on other services, in the hope that the same login information has been reused across multiple accounts. The hacker is believed to have then leveraged access to those accounts to gather more data on the users’ relatives, using the DNA Relatives feature.

“This incident really highlights the risks associated with DNA databases,” Brett Callow, a threat analyst at security firm Emsisoft, was quoted telling Wired. “The fact that accounts had reportedly opted into the ‘DNA Relatives’ feature is particularly concerning as it could potentially result in extremely sensitive information becoming public.”