DNA Company 23andMe Reports Unauthorized Access to Numerous User Ancestry Files

If you’re tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. In recent years, a growing number of people have been handing their DNA over to tech companies for the apparent benefits of finding out information about their ancestry and more about their health. However, as with digital IDs, when such entities get access to your most intimate data, it becomes the target of hackers and cyberattacks. A considerable number of user ancestry files were exposed during a recent cyberattack on genetic testing giant, 23andMe. As per an official filing released on Friday, cybercriminals infiltrated around 14,000 user accounts – a figure that equates to approximately 0.1% of the company’s global customer base of over 14 million. The hackers leveraged a common cyberattack technique known as “credential stuffing.” This involved exploiting leaked account passwords to gain unauthorized access. However, the attack didn’t end with the initial victims. 23andMe incorporates a feature whereby users can opt to share selected information with other users. Consequently, the breach also extended to individuals linked through this feature. What amplifies the gravity of the data breach is the nature of the exposed information — mainly personal user ancestry details, and in some cases, health-related genetic information. The exact number of affected ‘other users’ or the precise extent of accessed files remains unclear as the company has yet to release specific figures. Tech news outlet TechCrunch undertook an analysis of the exposed datasets, comparing them against publicly accessible genealogy databases. The…DNA Company 23andMe Reports Unauthorized Access to Numerous User Ancestry Files