23andMe, a biotech firm known for DNA testing, was recently breached by an unidentified hacker, who claims that over 14 million users were affected.
Specifically, the hacker targeted users, particularly those of Jewish ancestry, and offered to sell sensitive information, including names, locations, and ethnic backgrounds, in an online forum.
23andMe confirmed that this breach exposed real user data and attributed it to "credential stuffing," a method where attackers use leaked username-password combinations from other websites to infiltrate 23andMe accounts.
What Happened in the 23andMe Hack?
When handing personal information, particularly DNA-related data, to a third party, you should always exercise extreme caution. Although 23andMe is a trusted company, it is unsettling to consider how far your data could travel if it falls into the wrong hands.
According to Fox News, the hacker did not only steal usernames, passwords, and other credentials from users. The hacker also claimed to have taken data belonging to some of the biggest names in the industry, such as Elon Musk and Mark Zuckerberg.
The 23andMe hack is indeed a matter of concern. While other hackers have only offered to leak financial data such as bank account numbers, the 23andMe hacker appears to be after something different.
The breach has reportedly alarmed the Jewish community, since the cybercriminals said that their genetic data would be exposed. It is a new level of identity theft, one that involves biological data.
Not the First Time 23andMe Was Breached
Even before this controversial hack, 23andMe was criticized over concerns about DNA database leaks. Since data sharing is a sensitive matter for genetic testing firms, 23andMe should be transparent about its methods.
Furthermore, the company should ask users for consent before using their genetic data on other platforms. It's important to note that the data collected by these companies falls outside the protection of the Health Insurance Portability and Accountability Act (HIPAA).
In response to the breach, 23andMe quickly took action. They suspect that the hackers compromised individual accounts and leveraged the platform's "DNA Relatives" feature to assemble lists of users. The company enlisted digital forensics experts and law enforcement to investigate the incident.
As a precaution, 23andMe is now requiring all users to reset their passwords.
How to Stay Protected Amid the 23andMe Hack
The Washington Post shares some tips on how to keep yourself safe from the recent breach.
According to the news outlet, all 23andMe users should always use hard-to-guess passwords. As much as possible, make them complex enough that anyone else would have a hard time guessing them.
Another important tip is to request data deletion. It's always your right to have your data deleted so that companies cannot store it and reuse it in the future.
On top of that, you should always think twice about whether you need to share your genetic data. Having your DNA information online can attract hackers looking to take advantage of your account.