Millions of 23andMe Users' Genetic Profiles Put Up for Sale on Hacker Forum

Genetic testing company, 23andMe, has recently experienced a major security incident that has resulted in the genetic profiles of potentially millions of its users being put up for sale on a hacker forum. The seller claims that this data can be used to target individuals of Ashkenazi Jewish and Chinese descent. The compromised accounts were not due to any fault within 23andMe's systems, but rather through other data leaks that exposed login credentials to other sites.

In response to this incident, 23andMe released a statement acknowledging the issue and stating that they are taking it seriously. They have initiated an investigation to confirm the extent of the incident and the validity of the data being offered for sale. Wired magazine reported that the anonymous hacker behind the sale has been offering profiles for prices ranging from $1 to $10. The hacker also claimed to have obtained data on "celebrities" such as Elon Musk, Sergey Brin, and Mark Zuckerberg.

It appears that the hacker gained access to user accounts by leveraging information obtained from other breaches to gather login credentials. Once inside the compromised accounts, the hacker then utilized the DNA Relatives feature offered by 23andMe to gather further data on the users' relatives. This feature allows users to connect with potential relatives who share similar DNA and exchange their genetic profiles.

This incident highlights serious concerns regarding privacy and security when it comes to storing sensitive genetic information online. While there are clear benefits to having this information available for tracing heritage and connecting with relatives, the risks of unauthorized access and misuse of data must be addressed. The fact that private data, including origin estimation, phenotype, health information, photos, and identification data, was up for sale is alarming.

It remains to be seen how 23andMe will address this incident and protect the affected users. Their statement indicates that they are committed to continuing the investigation and taking necessary measures to ensure the security of their platform. However, the incident serves as a reminder of the vulnerabilities inherent in online platforms that store sensitive personal information.

As investigations continue, it is crucial for individuals to remain vigilant and take precautions to protect their personal data. This includes using strong, unique passwords for each online account and enabling two-factor authentication whenever possible. Additionally, users should regularly monitor their accounts for any suspicious activity or signs of unauthorized access.