Hacker Breach Exposes 23andMe’s Customers’ Data

Hacker Breach Exposes 23andMe's Customers' Data | Enterprise Wired

Share Post:

LinkedIn
Twitter
Facebook
Reddit

source- FOX 5 New York

Genetic Testing Giant Confirms Massive Security Compromise

A staggering breach has rattled the foundations of 23andMe, the renowned genetic testing company, as it confirms unauthorized access to nearly seven million user profiles. A spokesperson disclosed to CNN on Tuesday that the breach encompassed sensitive details such as ancestry reports, zip codes, and birth years, significantly impacting a subset of the company’s extensive user base.

The Scale of the Breach

The unsettling revelation came to light through a filing to the Securities and Exchange Commission (SEC) on Friday, where 23andMe indicated that approximately 0.1% of its user accounts, approximately 14,000 profiles, fell victim to the cyber intrusion. However, subsequent investigations unveiled a more substantial impact, with hackers infiltrating around 5.5 million profiles employing the company’s DNA Relatives feature.

Extent of Compromised Information

Notably, hackers also managed to access a subset of family tree data linked to 1.4 million DNA Relatives profiles, raising concerns about the depth and breadth of compromised personal information. Engadget, a prominent tech news outlet, initially shed light on the broader implications of this extensive security breach.

23andMe faces data breach: Over 7 million users exposed to hackers

Ongoing Cybersecurity Woes

This incident adds 23andMe to the roster of major U.S. corporations grappling with severe cybersecurity breaches affecting a larger populace than initially acknowledged. Just recently, Okta, an identity management firm, acknowledged a data breach impacting all users within its customer support system, a figure significantly higher than initially reported.

Modus Operandi: Credential Stuffing

The method of intrusion employed by the hackers has been identified as ‘credential stuffing.’ Leveraging old usernames and passwords obtained from other platforms, this rudimentary yet effective technique facilitated unauthorized access to numerous 23andMe customer accounts.

Company’s Response and Measures Taken

In response to the breach, 23andMe embarked on a comprehensive investigation aided by third-party forensic experts. Despite declining to disclose the perpetrators, the company is diligently notifying affected customers, complying with legal obligations.

A statement posted on the company’s website outlined measures to bolster data protection, mandating password resets for existing customers and implementing two-step verification for both new and existing users.

As concerns over data security and privacy amplify, this breach underscores the pressing need for stringent measures to safeguard sensitive personal information in an increasingly digitized world.

The ramifications of such a breach extend far beyond the compromised data itself. Users are now grappling with potential identity theft, privacy infringement, and the misuse of their genetic information. This breach has reignited conversations about the ethical responsibilities of companies dealing with highly personal data and the imperative to fortify cybersecurity protocols.

In the wake of this breach, regulatory bodies and lawmakers are likely to intensify their scrutiny of companies handling sensitive user data, potentially leading to stricter compliance standards and regulations aimed at fortifying cybersecurity measures and protecting consumer privacy.

As 23andMe continues its damage control and endeavors to rebuild trust, the cybersecurity landscape faces renewed challenges, emphasizing the criticality of proactive measures to thwart malicious cyber threats and safeguard user information from similar breaches in the future.

Curious to learn more? Explore our articles on Enterprise Wired

Subscribe

RELATED ARTICLES

OpenAI Partially Prevails as Judge Dismisses Copyright Lawsuits by Silverman and Tremblay

OpenAI Partially Prevails as Judge Dismisses Copyright Lawsuits by Silverman and Tremblay

Federal Judge Rules on OpenAI’s Use of Authors’ Works in Training AI Model In a significant development, two copyright infringement…
FTC Investigates Drug Supply Chain: Focus on Middlemen Amid Generic Drug Shortages

FTC Investigates Drug Supply Chain: Focus on Middlemen Amid Generic Drug Shortages

Source- PYMNTS.com Federal Trade Commission and HHS Seek Solutions for Ongoing Drug Shortages In response to the persistent shortages of…
Cisco Announces Workforce Reduction Amid Industry Downturn

Cisco Announces Workforce Reduction Amid Industry Downturn

Source- BNN Breaking Tech Giant to Cut 5% of Workforce, Eliminating 4,250 Jobs In a move to streamline operations amidst…
Lyft CEO Takes Responsibility for Earnings Error, Stock Soars

Lyft CEO Takes Responsibility for Earnings Error, Stock Soars

Major Error Causes Stock Surge and Subsequent Correction Lyft CEO David Risher has acknowledged responsibility for a significant error in…