DNA Relatives matches customer data with other users' data to find genetic matches.
According to an internal investigation, hackers initially hacked about 0.1% of accounts (or 14 thousand out of 14 million), but thanks to the DNA Relatives feature they were able to penetrate other accounts – about 5.5 million. An additional 1.4 million accounts were affected due to hackers using Family Tree profile information.
DNA Relatives profiles contain sensitive data such as first names, last names and locations, DNA match information, potential connections and ancestry reports. Family Tree profiles reveal information about names, relationships, birth years, and locations.
After first reporting the leak in October and conducting an initial investigation, 23andMe said that “no genetic testing results were leaked.”
For the attack, the hackers used login logins and passwords that were duplicated from previously broken sites, and then published the resulting information on the dark web. They tried to sell the data of individual victims for $1-10. At the same time, before the publication of the news about the hacking of 23andMe, on another hacker forum more amounts of the company’s data were offered – about 300 terabytes were sold for $50 million.
23andMe advised victims to change their passwords and later introduced mandatory two-factor authentication. The company subsequently added that “the hacker attack was contained” and that it was “working to remove the published information.”
PHP dev Bobby Casino, Viddaleno, salary 650
Full Stack Developer (Next.js React Nest.js) Amofintech, Kiev
Marketing Manager Teamvoy