Recent News Articles

Hackers Could Use Your Stolen 23andMe DNA Data as a Weapon

18 Oct 2023 12:49 PM | Anonymous

DNA is the key to a person’s most sacred hidden links.

Through a tiny sample of saliva you can unlock the door to one’s genetic traits, health risks, familial relationships and even ancestral roots. This most confidential information is now at risk of no longer being confidential after hackers stole genetic data from millions through popular DNA testing firm 23andMe. 

About 1 in 5 adults in America have taken at-home genetic tests. Companies that offer these tests such as 23andMe, AncestryDNA, MyHeritage and others blew up in popularity in 2017 after successful advertising campaigns and end-of-the-year price cuts made them even more accessible to consumers. The popularity of at-home DNA tests has remained ever since.

However, privacy concerns have recently come to light after 23andMe, one of the first companies to offer direct-to-consumer genetic testing, had a data breachearlier this month. Hackers performed a credential stuffing attack where cyber criminals use stolen usernames and passwords from a previous hack to gain access to accounts in the system. 

Data from profiles — which included DNA ancestry and other personal information — was compromised in the 23andMe data breach. The information was put up for sale by hackers, raising concerns and questions as to why on earth would hackers be interested in obtaining information pulled from DNA samples.

Apparently DNA data is a hot commodity on the black market, and here are a few reasons why it can be valuable to malicious actors.

However, privacy concerns have recently come to light after 23andMe, one of the first companies to offer direct-to-consumer genetic testing, had a data breach earlier this month. Hackers performed a credential stuffing attack where cyber criminals use stolen usernames and passwords from a previous hack to gain access to accounts in the system. 

Data from profiles — which included DNA ancestry and other personal information — was compromised in the 23andMe data breach. The information was put up for sale by hackers, raising concerns and questions as to why on earth would hackers be interested in obtaining information pulled from DNA samples.

You can read more, including information on how hackers can use the stolen DNA information, in an article by U-Jin Lee published in thestreet web site at: https://www.thestreet.com/technology/hackers-could-use-your-stolen-dna-data-as-a-weapon

Comments

  • 19 Oct 2023 9:59 AM | Anonymous member
    This appears to be an example of users not doing their part to prevent data theft. If 23 and Me is correct in saying that hackers gained access with usernames and passwords acquired from breaches at other websites, it serves as a reminder to never, never, NEVER use the same password on more than one site.

    Another important element is two-step verification. I don't know of 23 and Me offers it, but Ancestry does. No one can access my Ancestry account without the code Ancestry sends to my mobile phone.

    That said, none of this is protection against hackers breaking into the host system. But in this case it probably would have foiled the attempt.
    Link  •  Reply

Blog posts

Eastman's Online Genealogy Newsletter









































Powered by Wild Apricot Membership Software