Genetic company 23andMe has acknowledged a breach in the security of some of its customers’ data. The company clarified that their internal systems remained unaffected, but unauthorized individuals managed to obtain this data by guessing login credentials belonging to a specific user group.
They utilized the “DNA Relatives” feature to extract the information. Notably, users have the option to decide whether to share their data through this feature.
During this week, hackers shared a portion of the compromised data on the BreachForums platform, asserting that it included details of approximately one million Ashkenazi Jews. The leak also appeared to impact a considerable number of users of Chinese descent.
On Wednesday, the attackers commenced selling 23andMe profiles for prices ranging from $1 to $10, depending on the quantity. The data being traded encompasses names, genders, years of birth, and certain genetic analysis particulars.
The company did not definitively confirm the extent of the data leak, indicating that their investigation is still ongoing. A spokesperson for the company mentioned that the leak pertained to certain instances where user accounts were exposed.
The comprehensive understanding of the motives behind the data theft, the exact scope of the compromised data, and whether the attackers are specifically targeting Ashkenazi Jews remains unclear.