23andMe Warns of Hacker Breaking Into User Accounts

If you use 23andMe, consider securing your account. It appears a hacker has been breaking into user profiles to steal personal data.

The company issued a statement about the threat today, days after a mysterious user in a hacking forum claimed to have obtained data from at least 7 million 23andMe users.

The user shared a link, which allegedly leads to a download for the stolen data. “The CSV file in the link contains the profile list of half of the members of 23andMe,” the user claimed in the post before it was deleted. “These members have technical details such as their origin estimation, phenotype and health information, photos and identification data, raw data, and their last login date to the site.”

23andMe is investigating the situation, but the company denies a breach has occurred. “We do not have any indication at this time that there has been a data security incident within our systems,” a company spokesperson told PCMag.

“Rather, the preliminary results of this investigation suggest that the login credentials used in these access attempts may have been gathered by a threat actor from data leaked during incidents involving other online platforms where users have recycled login credentials,” the spokesperson added.

That means a hacker has likely been digging through past data breaches, which can contain user email addresses and passwords, to try to break into accounts on 23andMe.

Although the hacker claims to have obtained data on at least 7 million users, it’s possible much of the data was actually scraped through a profile-viewing feature available to 23andMe members. The company has a function that lets you find “DNA relatives” among other users on the platform. Using the system is optional, but in doing so users create a profile that other members can see, allowing them to view ancestry results, along with photo and birth year, if provided.

Hence, it’s possible the hacker broke through a smaller number of accounts, and then exploited the DNA relatives feature to gain access to a wider range of personal details. For now, 23andMe told PCMag: “We are taking this issue seriously and will continue our investigation to confirm these preliminary results.”

In the meantime, users can consider changing their password or turning on two-factor authentication for their accounts to prevent potential hijacking.
