Hacker Breach Exposes 23andMe’s Customers’ Data

Hacker Breach Exposes 23andMe's Customers' Data | Enterprise Wired

Share Post:

LinkedIn
Twitter
Facebook
Reddit

source- FOX 5 New York

Genetic Testing Giant Confirms Massive Security Compromise

A staggering breach has rattled the foundations of 23andMe, the renowned genetic testing company, as it confirms unauthorized access to nearly seven million user profiles. A spokesperson disclosed to CNN on Tuesday that the breach encompassed sensitive details such as ancestry reports, zip codes, and birth years, significantly impacting a subset of the company’s extensive user base.

The Scale of the Breach

The unsettling revelation came to light through a filing to the Securities and Exchange Commission (SEC) on Friday, where 23andMe indicated that approximately 0.1% of its user accounts, approximately 14,000 profiles, fell victim to the cyber intrusion. However, subsequent investigations unveiled a more substantial impact, with hackers infiltrating around 5.5 million profiles employing the company’s DNA Relatives feature.

Extent of Compromised Information

Notably, hackers also managed to access a subset of family tree data linked to 1.4 million DNA Relatives profiles, raising concerns about the depth and breadth of compromised personal information. Engadget, a prominent tech news outlet, initially shed light on the broader implications of this extensive security breach.

23andMe faces data breach: Over 7 million users exposed to hackers

Ongoing Cybersecurity Woes

This incident adds 23andMe to the roster of major U.S. corporations grappling with severe cybersecurity breaches affecting a larger populace than initially acknowledged. Just recently, Okta, an identity management firm, acknowledged a data breach impacting all users within its customer support system, a figure significantly higher than initially reported.

Modus Operandi: Credential Stuffing

The method of intrusion employed by the hackers has been identified as ‘credential stuffing.’ Leveraging old usernames and passwords obtained from other platforms, this rudimentary yet effective technique facilitated unauthorized access to numerous 23andMe customer accounts.

Company’s Response and Measures Taken

In response to the breach, 23andMe embarked on a comprehensive investigation aided by third-party forensic experts. Despite declining to disclose the perpetrators, the company is diligently notifying affected customers, complying with legal obligations.

A statement posted on the company’s website outlined measures to bolster data protection, mandating password resets for existing customers and implementing two-step verification for both new and existing users.

As concerns over data security and privacy amplify, this breach underscores the pressing need for stringent measures to safeguard sensitive personal information in an increasingly digitized world.

The ramifications of such a breach extend far beyond the compromised data itself. Users are now grappling with potential identity theft, privacy infringement, and the misuse of their genetic information. This breach has reignited conversations about the ethical responsibilities of companies dealing with highly personal data and the imperative to fortify cybersecurity protocols.

In the wake of this breach, regulatory bodies and lawmakers are likely to intensify their scrutiny of companies handling sensitive user data, potentially leading to stricter compliance standards and regulations aimed at fortifying cybersecurity measures and protecting consumer privacy.

As 23andMe continues its damage control and endeavors to rebuild trust, the cybersecurity landscape faces renewed challenges, emphasizing the criticality of proactive measures to thwart malicious cyber threats and safeguard user information from similar breaches in the future.

Curious to learn more? Explore our articles on Enterprise Wired

Subscribe

RELATED ARTICLES

Microsoft Delays Recall Feature Launch Amid Security Concerns

Microsoft Delays Recall Feature Launch Amid Security Concerns

Source – The Hindu Adjustment to Release Plans Microsoft has decided to delay the rollout of its Recall feature on…
Ford Motor Shifts Strategy, Ends Controversial EV Dealership Program

Ford Motor Shifts Strategy, Ends Controversial EV Dealership Program

Source – MSN Program Closure Amid Shifting Market Dynamics Ford Motor Company has decided to terminate its “EV-certified” dealership program,…
Adobe Surges After Beating Expectations, Boosting Guidance

Adobe Surges After Beating Expectations, Boosting Guidance

Source – Tokenist Earnings Beat Expectations Adobe Inc. witnessed a remarkable surge of 17% in its shares during after-hours trading…
Stellantis CEO Acknowledges Mistakes, Vows Correction Amid Investor Concerns

Stellantis CEO Acknowledges Mistakes, Vows Correction Amid Investor Concerns

Source – The Independent Tavares Takes Responsibility for U.S. Operations Challenges Stellantis CEO Carlos Tavares admitted to critical errors in…