23AndMe Hacker Leaks New Tranche of Stolen Data
Two weeks after the first data leak from the DNA ancestry service, the threat actor produces an additional 4 million user records they purportedly stole.
A threat actor who claimed responsibility for the compromise of the 23AndMe site earlier this month has released a new dataset, including the records of more than 4 million people's genetic ancestry.
The cybercriminal, known by the handle Golem, alleges in a cybercrime Dark Web forum the stolen data includes information on, "the wealthiest people living in the US and Western Europe," according to reports.
23andMe spokesperson Andy Kill said in a statement the organization is still trying to confirm whether the most recently leaked data is genuine.
Prior to this most recent leak, an Oct. 1 post on a Dark Web forum by Golem claimed they have a total of 20 million individual pieces of 23andMe data and leaked 1 million lines of data as a teaser, along with an offer to bulk sell data profiles.
23andMe confirmed in early October that users who opted to share information through its "DNA Relatives" were impacted and suggested the breach was a result of a credential stuffing cyberattack.
"After learning of suspicious activity, we immediately began an investigation," 23andMe's disclosure said. "While we are continuing to investigate this matter, we believe threat actors were able to access certain accounts in instances where users recycled login credentials — that is, usernames and passwords that were used on 23andme were the same as those used on other websites that have been previously hacked."
Comments
Post a Comment