DNA testing company 23andMe is once again in the spotlight for the wrong reasons. A hacker has leaked millions of 23andMe user records on a cybercrime forum. TechCrunch reporting indicates it is the same hacker, aka Golem, who began selling 23andMe user data earlier this month. Golem claims the new dataset contains information on individuals from Great Britain, emphasizing the presence of data from “the wealthiest people living in the U.S. and Western Europe on this list.”
According to TechCrunch, the recent data dump includes names, email addresses, and other personal details of users. The motive behind Golem’s repeated leaks of 23andMe user data remains unclear, however.
In response to the breach, 23andMe spokesperson Andy Kill told TechCrunch via email, “We were made aware of this new leak today, and we are currently reviewing the data to determine if it is legitimate.”
A pattern of 23andMe data leaks
The attack seems to have roots tracing back several months. On Aug. 11, a hacker on another cybercrime forum, Hydra, advertised a set of 23andMe user data. According to TechCrunch, this set matched some of the user records leaked two weeks ago. The hacker on Hydra claimed possession of a whopping 300 terabytes of 23andMe user data, though no evidence was provided to substantiate this claim.
23andMe states it is actively investigating the situation and has advised its users to change their passwords and enable two-factor authentication as immediate precautionary steps.