Genetic testing company 23andMe declared on Friday that approximately 14,000 customer accounts were compromised in its recent data breach. In an updated submission to the U.S. Securities and Exchange Commission, the company revealed that its investigation determined the breach affected 0.1% of its customer base, equivalent to around 14,000 individuals out of its reported 14 million worldwide customers.
The hackers not only gained access to these accounts but also managed to retrieve “a significant number of files” containing profile information related to other users’ ancestry who had opted into 23andMe’s DNA Relatives feature. The company refrained from specifying the exact number of impacted files or users in this category.
Despite requests for clarification on these figures, 23andMe did not immediately respond to inquiries. The data breach, disclosed in early October, utilized the “credential stuffing” method, where hackers exploit a known password obtained from a previous data breach to infiltrate a victim’s account.
The repercussions extended beyond the initially compromised accounts due to 23andMe’s DNA Relatives feature, allowing hackers to access personal data of individuals connected to the primary victim. The stolen data for the initial 14,000 users generally included ancestry information and, for a subset, health-related information based on genetics. For the other subset, 23andMe mentioned the theft of “profile infor
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: