Home 23andMe confirms data leak: Personal genetic information for sale on hacker forums

23andMe confirms data leak: Personal genetic information for sale on hacker forums

U.S. biotech firm 23andMe’s user data was leaked and is now circulating on hacker forums. 23andMe confirmed the data leak’s authenticity to BleepingComputer and says it believes a credential-stuffing attack is to blame.

23andMe user data offered for sale

A few days ago, 1 million lines of data specific to Ashkenazi individuals began circulating on hacker forums. Then, on Oct. 4, the cybercriminal who had leaked the user-data sample purportedly stolen from 23andMe began offering to sell individual profile datasets for $1-$10 each, with the price varying based on the number of datasets purchased.

23andMe has now confirmed the authenticity of the data to BleepingComputer. A spokesperson indicated that hackers likely used credentials leaked from breaches on other platforms. “We don’t see evidence of a security incident within our systems,” they added.

The information exposed in 23andMe’s user data leak allegedly includes users’ names, locations, birthdays, sex, photos, and genetic ancestry results. BleepingComputer’s own investigation found that the number of sold accounts doesn’t currently match the total number of breached 23andMe accounts.

BleepingComputer noted the breached accounts had activated 23andMe’s DNA Relatives feature, which lets users discover and connect with genetic relatives). Initially accessing only a limited number of accounts, the hacker could then scrape data from the users’ networks of DNA Relative matches.

ReadWrite has not yet independently confirmed these statements but has requested further details on the investigation from 23andMe. Nevertheless, users should always follow proper digital hygiene by never repeating account credentials across websites, using strong passwords, and enabling two-factor authentication when possible. Even though 23andMe offers and recommends using 2fa security, this recent data breach also suggests that networking features like DNA Relatives are yet another vulnerability.

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Maxwell Nelson
Tech Journalist

Maxwell Nelson, a seasoned journalist and content strategist, has contributed to industry-leading platforms, weaving complex narratives into insightful articles that resonate with a broad readership.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.