Genetic testing firm 23andMe is currently dealing with yet another data breach. Just two weeks after the initial hack, the hacker identified as Golem leaked four million 23andMe user details on a cybercrime website, raising serious concerns about the security of user data.
Golem asserts that the stolen data collection has information on British customers and data on even the wealthiest people in the US and Western Europe, according to a TechCrunch report. Although 23andMe has not yet commented on these most recent events, the intrusion has raised questions about user privacy and data security.
Company Slapped with Multiple Lawsuits
23andMe is facing numerous US lawsuits, which include financial compensation, following the initial massive data breach, in which Hacker Golem exposed 23andMe customer information last month on hacker forums, including details of over one million Ashkenazi Jews who utilized the company's services to learn about their heritage and genetic tendencies, per BleepingComputer.
The sensitive information exposed in the CSV file included account IDs, complete names, gender, dates of birth, DNA profiles, and location and area information for the users. Credential stuffing attacks on accounts with lax security were the root cause of the 23andMe data leak, which gave hackers access to user accounts.
Although 23andMe said that there had been no direct security breach of their systems, they recognized that illegal access had taken place as a result of the activation of an optional function called "DNA Relatives," which links genetic relationships.
Genetic Data's Value on the Dark Web
Genetic information, formerly thought to be quite private, has grown in value on the dark web. Numerous factors demonstrate the attraction of this sort of material to harmful actors, even though many people may question why hackers would be interested in it.
According to an article from The Street, the exposure of family secrets and reputational harm can result from the exploitation of genetic data for blackmail. Moreover, genetically derived personal information, including names, residences, phone numbers, birth dates, and photographs, can be utilized for impersonation and fraud.
The report also mentioned that genetic data can be used in developing biological weapons since the data is crucial for gene editing, the technique of modifying DNA to generate lethal bacterium and virus strains, and hackers may use stolen DNA to construct biological weapons.
Given the possible hazards involved with its disclosure, the 23andMe data leak serves as a harsh reminder of the need to safeguard sensitive genetic information. 23andMe assured that it is actively addressing the problem and is advising customers to take precautions to protect their accounts and data.
"Out of caution, we are requiring that all customers reset their passwords and are encouraging the use of multi-factor authentication (MFA). If we learn that a customer's data has been accessed without their authorization, we will notify them directly with more information," the firm said in a statement.
Additionally, experts advise online users to be attentive and take precautions to safeguard their private information as worries about the security of private data continue to grow.