Hackers Offer 23andMe Data for Sale on Leaked Data Forum
An online forum has seen a hacker promoting the sale of vast quantities of data purportedly taken from the genealogy website 23andMe, which specializes in family genetics.
On Friday, 23andMe (ME.O) issued a statement asserting that while an undisclosed amount of "customer profile information" had been aggregated "through access to individual 23andMe.com accounts," the company itself had not experienced a security breach.
The company's statement emphasized, "We have no current evidence of a data security breach within our systems."
Furthermore, the statement suggested that the hacker might have amassed pilfered passwords from other sources and employed them in an effort to gain unauthorized access to 23andMe accounts. This tactic, known as credential stuffing, underscores the importance of cybersecurity experts' advice against using the same password across multiple websites.
Additionally, the statement recommended the implementation of a second layer of password security, known as two-factor authentication, as a means to thwart such hacking attempts.
Efforts to contact the hacker were unsuccessful, with at least one of their forum posts having been removed since. The extent of the breach remained unclear, as the hacker provided inconsistent details and descriptions of the stolen data.