DNA Tests Reveal Personal Information to Hackers

Unknown Hacker Claims Possession of Valuable Data from DNA Testing Company

At one of the popular hacker forums, an unknown individual has proclaimed to have obtained “the most valuable data that you can imagine.” Along with this announcement, the hacker shared a link to a portion of the materials that are allegedly stolen from 23andMe, one of the leading DNA testing companies.

As soon as this news surfaced, 23andMe initiated an investigation into the matter. Cybersecurity experts have detected unauthorized access attempts on certain user accounts, but they strongly believe that the systems themselves have not been hacked. Instead, they suspect that the attacker may have gained access to information from other platform breaches and subsequently infiltrated customer accounts that utilized the same login credentials on 23andMe.com.

The organization’s representatives revealed that some accounts are associated with the DNA Relatives service, which permits customers to connect with genetic relatives and explore their family lineage. Consequently, it is possible that data pertaining to these relatives may have also been compromised.

The leaked information potentially encompasses names, profile photos, gender, date of birth, addresses, marital status details, the percentage of DNA resemblance to other individuals, the number of shared genetic segments, as well as fragments of ancestral genetic analysis results.

The exact magnitude of the leak and the authenticity of the data being offered for sale have yet to be determined. The initial announcement was posted on the forum on October 1, but was swiftly deleted. However, on October 4, the author returned with a new proposal. According to the hacker, the data now includes ethnic distribution breakdowns, detailed victim lineage information, haplogroup characteristics (groups of people sharing a common ancestor), phenotype descriptions, photographs, and links to potential relatives.

The compromised files can be purchased in batches ranging from 100 to 100,000 profiles. The perpetrator claims that a total of 13 million accounts have been breached. Nevertheless, the hacker refused to disclose information regarding the specific time and method employed to obtain this data when questioned by researchers.

Currently, it remains uncertain whether the personal data of 23andMe customers has truly been compromised. The investigation is ongoing.

/Reports, release notes, official announcements.