Tuesday, October 10, 2023

23andMe says hacker appears to have stolen people’s genetic information


Andrew Griffin
Mon, 9 October 2023 

(Getty Images)

A hacker has stolen the personal genetic information of 23andMe users, the company has said.

23andMe allows people to send in a sample of their DNA and have it tested, with the results sent into them. Customers can find out what their genetic information might tell them about their health, for instance, as well as their relatives and where they might have lived.

But some of that same information was accessed by hackers and appears to have been made available online, the company said.

It made the statement after the hackers appeared to be attempting to sell the information online. 23andMe did not say whether some or all of that data – which included the names of celebrities – was actually legitimate.

But it did say that information had been “compiled from individual 23andMe.com accounts without the account users’ authorization”. Its investigation was still continuing, the company said, and it is unclear the scale of the problem.

The data appears to have been taken by a hacker who used recycled login credentials from other websites that had since been hacked, the company said. That is a common technique for breaking into profiles, and cyber security experts suggest using different passwords on different websites and changing them regularly to avoid it.

Once the hackers were able to get into those accounts, they used a feature on 23andMe that allowed them to gather yet more information. 23andMe offers a tool called “DNA Relatives”, which lets users connect with people with similar genetic information to help assemble their family tree – meaning that hackers were able to gather information about other people whose accounts had not actually been compromised.

The company said that it had no indication that its own systems had been attacked, or that it was the source of the credentials used. But it advised people to change their password and set up multi-factor authentication to ensure that their accounts were secure.

No comments:

Post a Comment