Although the company confirmed the compromise, they asserted that it wasn’t a traditional data breach.
Stolen user data from 23andMe has surfaced on the illicit marketplace, BreachForum.
Instead, hackers employed a method of guessing user logins and leveraged the DNA Relatives feature, an opt-in service for information sharing among 23andMe users. The stolen user data seems to be part of a targeted attack focused on Ashkenazi Jews. The hacker responsible for posting the sample data on BreachForum claimed it contained a staggering one million data points exclusively pertaining to this group. Additionally, data on hundreds of thousands of users with Chinese heritage has been disclosed.
The hacker is currently peddling 23andMe data profiles on the underground market, pricing them between $1 and $10. Noteworthy figures like Mark Zuckerberg, Elon Musk, and Sergey Brin are among the individuals whose profiles have been compromised. These profiles encompass basic information such as names, genders, birth years, and some additional genetic data.
23andMe clarified that while data was indeed compromised, the stolen user data has not been authenticated by the company.
The breach likely relied on “credential stuffing,” a tactic in which previously breached credentials are tried against other accounts. This approach often succeeds due to the widespread habit of password reuse. To strengthen account security following the theft of user data, 23andMe is advising users to activate two-factor authentication as a precautionary measure moving forward.