In October 2023, 23andMe, a leading personal genomics company, experienced a data breach that shattered many users’ trust. Hackers gained unauthorized access to millions of user profiles, raising serious concerns about privacy and the security of sensitive genetic information.
The Scope of the Attack
There are conflicting reports on the exact number of affected users. Initial reports suggested millions of profiles were compromised, with a hacker known as Golem claiming to possess a vast trove of data. 23andMe initially downplayed the impact, stating only 0.1% (roughly 14,000) of user accounts were directly accessed. However, later reports revealed a more concerning picture. The company acknowledged that while a smaller number of accounts were directly infiltrated, the hackers were able to access information on millions more through compromised “DNA Relatives” and “Family Tree” features linked to the breached accounts. This brought the total number of impacted profiles to around 6.9 million, a significant portion of 23andMe’s user base.
Also Read: Wordle today June 7, 2024: 084 daily clues
The compromised data included:
- Ancestry information: This could reveal ethnic origins and potentially sensitive details about family history.
- Health predispositions: For some users, genetic data was used to predict health risks for certain diseases. This exposure raised fears of discrimination by insurance companies or employers.
- User profiles: This included potentially any information users entered into their profiles, such as names, locations, and contact details.
Hackers got nearly 7 million people’s data from 23andMe – Confirm Report
Three years ago, a man in Florida named JL decided, on a whim, to send a tube of his spit to the genetic testing site 23andMe in exchange for an ancestry report. JL, like millions of other 23andMe participants before him, says he was often asked about his ethnicity and craved a deeper insight into his identity. He said he was surprised by the diversity of his test results, which showed he had some Ashkenazi Jewish heritage.
Since then, 23andMe has acknowledged that hackers obtained access to 14,000 user accounts during the course of five months last year; some of these accounts disclosed private, sensitive health information. In a January data breach notification letter received earlier this month by California’s attorney general, the corporation disclosed specifics of the kinds of data that were pilfered during its months-long hack. Hackers gained access to highly sensitive data, including carrier-status reports and reports on health predispositions derived from the processing of an individual’s genetic information, as well as “uninterrupted raw genotype data” belonging to individuals. Even worse, 23andMe revealed that additional personal data from as many as 5.5 million individuals who choose to participate in a service that allows them to locate and get in touch with genetic relatives was also obtained by the crooks.
In an email sent to TechCrunch late, 23andMe spokesperson Katie Watson confirmed that hackers accessed the personal information of about 7 million people who opted-in to 23andMe’s DNA Relatives feature, which allows customers to automatically share some of their data with others. The stolen data included the person’s name, birth year, relationship labels, the percentage of DNA shared with relatives, ancestry reports and self-reported location.
The hackers’ attempts were only made public by 23andMe after a user made a post on a 23andMe subreddit in early October revealing that the data was for sale. After a thorough examination into the issue, it was discovered that hackers had been attempting—and occasionally succeeding—to obtain access since at least April 2023. The attacks had persisted until the end of September, or over five months. A 23andMe representative told the Guardian via email that the business did not “find a breach” within 23andMe systems and that the situation was instead caused by recycled login credentials that were compromised from certain individuals.
Credential Stuffing: The Culprit
The attack exploited a common hacking tactic called credential stuffing. Hackers use bots to try usernames and passwords stolen from other data breaches on numerous sites. If a user employs the same login credentials across multiple platforms, hackers can gain access to their accounts on other sites, including 23andMe. This highlights the importance of using strong, unique passwords for every online service.
User Experiences: A Loss of Trust
The breach left many users feeling exposed and vulnerable. Here are some reported experiences:
- Sarah H., a user from California, expressed concern about her health data being leaked. She had uploaded her DNA to 23andMe for insights into potential health risks but now worried this information could be used against her.
- David L., a user with a family history of a specific genetic disease, feared that his compromised profile might reveal this information to insurance companies, potentially leading to higher premiums or even denial of coverage.
- Many users reported a sense of betrayal by 23andMe, feeling the company had not adequately protected their sensitive data.
Interesting Story: SpaceX Starship Launch – 4th Test Flight Of The World’s Most Potent Rocket, Nail-Biting Experience
Aftermath and Response
23andMe assured users they were investigating the incident and implementing stricter security measures. They offered free credit monitoring services to affected users. However, the damage to trust was significant. The company faced lawsuits and criticism from privacy advocates.
This incident underscores the evolving landscape of data privacy in the age of genetic testing. As we entrust companies with our most personal information, robust security protocols and transparent communication become paramount.
Here are some additional points to consider:
- The Long-Term Impact: The full repercussions of the breach may not be known for years. Could the stolen data be used for identity theft, targeted advertising, or even future medical interventions?
- Regulation and Oversight: The 23andMe hack highlights the need for stricter regulations governing the collection, storage, and use of genetic data.
- User Education: Consumers need to be more aware of the risks involved in genetic testing and take steps to protect their privacy, such as using strong passwords and being mindful of the information they share with these companies.
The 23andMe hack serves as a cautionary tale, reminding us of the delicate balance between innovation and privacy in the world of genetic data. As this technology continues to evolve, so too must our efforts to safeguard our most sensitive information.
-
Krispy Kreme’s Ghostbusters Doughnut Collection – A Spooky Collaboration for 2024
Krispy Kreme has always been known for its creative and exciting limited-edition doughnuts, and this October, the company has outdone itself once again. In celebration of the 40th anniversary of the cult-classic movie Ghostbusters, Krispy Kreme has launched a new collection of doughnuts inspired by the beloved film, offering fans a deliciously spooky treat that…
-
Ticketmaster to Pioneer New Apple Wallet Ticketing Feature on iOS 18
As the world anticipates the release of iOS 18, Apple has unveiled a revolutionary enhancement to its Apple Wallet—a feature that promises to transform the ticketing industry. Leading the charge is Ticketmaster, which is set to be the first major ticketing platform to implement this new feature. This collaboration between Apple and Ticketmaster will offer…
-
Breaking News – Addison’s Disease Rare Condition Affecting the Adrenal Glands
October 2024 – Addison’s disease, also known as primary adrenal insufficiency, is a rare yet serious condition that occurs when the adrenal glands fail to produce sufficient levels of cortisol and aldosterone. This hormonal imbalance can have a profound effect on various bodily functions, and without timely diagnosis and treatment, the disease can become life-threatening.…
-
Addison’s Disease – Rare Endocrine Disorder and Recent Advances in Treatment
Addison’s disease, also known as primary adrenal insufficiency, is a rare but potentially life-threatening condition caused by damage to the adrenal glands, which results in insufficient production of essential hormones such as cortisol and aldosterone. First identified by British physician Thomas Addison in 1855, this disorder can affect people of all ages, though it remains…
-
Northern Lights Forecast: Spectacular Aurora Expected Tonight
Tonight could offer a rare and stunning display of the Northern Lights, or Aurora Borealis, visible across several parts of the U.S. due to a severe geomagnetic storm forecasted by the National Oceanic and Atmospheric Administration (NOAA). This storm, rated G4 on a scale from G1 (minor) to G5 (extreme), is the result of a…
-
WWE Bad Blood 2024: Everything You Need to Know – Date, India Timings, Full Match Card, and How to Watch
WWE fans across the globe are eagerly awaiting the return of one of the most iconic pay-per-view events, WWE Bad Blood, which makes its triumphant comeback after two decades. Here’s everything you need to know about WWE Bad Blood 2024, including the match card, viewing options, and key event details. Event Overview Date: WWE Bad…
-
UNLV vs Syracuse Football Thriller – October 4, 2024
In a dramatic showdown on October 4, 2024, the Syracuse Orange narrowly defeated the UNLV Rebels 44-41 in overtime at Allegiant Stadium, Las Vegas. Both teams entered the game with matching 4-1 records, and the contest lived up to the hype with high-paced scoring and critical plays. First Quarter: Syracuse Takes Early Lead Syracuse took…
-
Joker 2’s Rotten Tomatoes Score: A Disappointing Turn for the Sequel?
Joker: Folie à Deux, the highly anticipated sequel to 2019’s Joker, has landed with less than stellar reviews, leaving fans and critics divided. Despite initial excitement, the Rotten Tomatoes score for the movie has raised concerns about its overall impact and reception. As of early October 2024, Joker 2 holds a disappointing Rotten Tomatoes score…
Dwayne Paschke specializes in writing, management, development, design and Search Engine Optimization. Although he has worked for 8 years in the industry, he never found an ideal person to work with as a partner. Later, he found Sebastian Pearson, and they both found specific understanding between them. Both of them divided their tasks in this project and are running this venture successfully.