Millions of user records from DNA testing company 23andMe have been leaked online by a hacker, marking the second significant breach in recent weeks.
TechCrunch reports that a notorious hacker, identified by the pseudonym “Golem,” has struck again, unleashing a torrent of confidential user records from the popular DNA testing service, 23andMe. This alarming breach follows a previous attack by the same hacker, who has now exposed the personal data of an additional four million users on a well-known cybercrime forum, BreachForums.
Golem stated that the dataset contains information on individuals from Great Britain, claiming it includes data on the wealthiest individuals residing in the U.S. and Western Europe. The compromised data appears to be extensive, revealing sensitive information that could have severe privacy implications for the affected individuals.
23andMe has been thrust into a state of high alert following the discovery of this breach, with spokesperson Andy Kill stating that the company is “reviewing the data to determine if it is legitimate.” In an effort to safeguard user information, 23andMe has urged its users to modify their passwords and has urged users to activate multi-factor authentication.
The method employed by the hackers to infiltrate the system remains a subject of speculation. Initial reports suggested the use of credential stuffing — a technique where hackers utilize combinations of usernames or emails and passwords leaked in previous data breaches. However, the exact strategy and the full extent of the stolen data remain shrouded in mystery.
Breitbart News has previously reported on privacy concerns about 23andMe, including those expressed by Rep. Jason Crow (D-CO):
Crow, a former Army Ranger who served three tours of duty in Iraq and Afghanistan, continued: “People will very rapidly spit into a cup and send it to 23andMe and get really interesting data about their background.”
“And guess what? Their DNA is now owned by a private company. It can be sold off with very little intellectual property protection or privacy protection and we don’t have legal and regulatory regimes to deal with that.”
Crow went on to counsel that “an open and public discussion about… what the protection of healthcare information, DNA information, and your data look like because that data is actually going to be procured and collected by our adversaries for the development of these systems.”
Read more at TechCrunch here.
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship.