In October 2023, 23andMe, a leading personal genomics company, experienced a data breach that shattered many users’ trust. Hackers gained unauthorized access to millions of user profiles, raising serious concerns about privacy and the security of sensitive genetic information.
The Scope of the Attack
There are conflicting reports on the exact number of affected users. Initial reports suggested millions of profiles were compromised, with a hacker known as Golem claiming to possess a vast trove of data. 23andMe initially downplayed the impact, stating only 0.1% (roughly 14,000) of user accounts were directly accessed. However, later reports revealed a more concerning picture. The company acknowledged that while a smaller number of accounts were directly infiltrated, the hackers were able to access information on millions more through compromised “DNA Relatives” and “Family Tree” features linked to the breached accounts. This brought the total number of impacted profiles to around 6.9 million, a significant portion of 23andMe’s user base.
Also Read: Wordle today June 7, 2024: 084 daily clues
The compromised data included:
- Ancestry information: This could reveal ethnic origins and potentially sensitive details about family history.
- Health predispositions: For some users, genetic data was used to predict health risks for certain diseases. This exposure raised fears of discrimination by insurance companies or employers.
- User profiles: This included potentially any information users entered into their profiles, such as names, locations, and contact details.
Hackers got nearly 7 million people’s data from 23andMe – Confirm Report
Three years ago, a man in Florida named JL decided, on a whim, to send a tube of his spit to the genetic testing site 23andMe in exchange for an ancestry report. JL, like millions of other 23andMe participants before him, says he was often asked about his ethnicity and craved a deeper insight into his identity. He said he was surprised by the diversity of his test results, which showed he had some Ashkenazi Jewish heritage.
Since then, 23andMe has acknowledged that hackers obtained access to 14,000 user accounts during the course of five months last year; some of these accounts disclosed private, sensitive health information. In a January data breach notification letter received earlier this month by California’s attorney general, the corporation disclosed specifics of the kinds of data that were pilfered during its months-long hack. Hackers gained access to highly sensitive data, including carrier-status reports and reports on health predispositions derived from the processing of an individual’s genetic information, as well as “uninterrupted raw genotype data” belonging to individuals. Even worse, 23andMe revealed that additional personal data from as many as 5.5 million individuals who choose to participate in a service that allows them to locate and get in touch with genetic relatives was also obtained by the crooks.
In an email sent to TechCrunch late, 23andMe spokesperson Katie Watson confirmed that hackers accessed the personal information of about 7 million people who opted-in to 23andMe’s DNA Relatives feature, which allows customers to automatically share some of their data with others. The stolen data included the person’s name, birth year, relationship labels, the percentage of DNA shared with relatives, ancestry reports and self-reported location.
The hackers’ attempts were only made public by 23andMe after a user made a post on a 23andMe subreddit in early October revealing that the data was for sale. After a thorough examination into the issue, it was discovered that hackers had been attempting—and occasionally succeeding—to obtain access since at least April 2023. The attacks had persisted until the end of September, or over five months. A 23andMe representative told the Guardian via email that the business did not “find a breach” within 23andMe systems and that the situation was instead caused by recycled login credentials that were compromised from certain individuals.
Credential Stuffing: The Culprit
The attack exploited a common hacking tactic called credential stuffing. Hackers use bots to try usernames and passwords stolen from other data breaches on numerous sites. If a user employs the same login credentials across multiple platforms, hackers can gain access to their accounts on other sites, including 23andMe. This highlights the importance of using strong, unique passwords for every online service.
User Experiences: A Loss of Trust
The breach left many users feeling exposed and vulnerable. Here are some reported experiences:
- Sarah H., a user from California, expressed concern about her health data being leaked. She had uploaded her DNA to 23andMe for insights into potential health risks but now worried this information could be used against her.
- David L., a user with a family history of a specific genetic disease, feared that his compromised profile might reveal this information to insurance companies, potentially leading to higher premiums or even denial of coverage.
- Many users reported a sense of betrayal by 23andMe, feeling the company had not adequately protected their sensitive data.
Interesting Story: SpaceX Starship Launch – 4th Test Flight Of The World’s Most Potent Rocket, Nail-Biting Experience
Aftermath and Response
23andMe assured users they were investigating the incident and implementing stricter security measures. They offered free credit monitoring services to affected users. However, the damage to trust was significant. The company faced lawsuits and criticism from privacy advocates.
This incident underscores the evolving landscape of data privacy in the age of genetic testing. As we entrust companies with our most personal information, robust security protocols and transparent communication become paramount.
Here are some additional points to consider:
- The Long-Term Impact: The full repercussions of the breach may not be known for years. Could the stolen data be used for identity theft, targeted advertising, or even future medical interventions?
- Regulation and Oversight: The 23andMe hack highlights the need for stricter regulations governing the collection, storage, and use of genetic data.
- User Education: Consumers need to be more aware of the risks involved in genetic testing and take steps to protect their privacy, such as using strong passwords and being mindful of the information they share with these companies.
The 23andMe hack serves as a cautionary tale, reminding us of the delicate balance between innovation and privacy in the world of genetic data. As this technology continues to evolve, so too must our efforts to safeguard our most sensitive information.
-
WWE Bad Blood 2024: Everything You Need to Know – Date, India Timings, Full Match Card, and How to Watch
WWE fans across the globe are eagerly awaiting the return of one of the most iconic pay-per-view events, WWE Bad Blood, which makes its triumphant comeback after two decades. Here’s everything you need to know about WWE Bad Blood 2024, including the match card, viewing options, and key event details. Event Overview Date: WWE Bad…
-
UNLV vs Syracuse Football Thriller – October 4, 2024
In a dramatic showdown on October 4, 2024, the Syracuse Orange narrowly defeated the UNLV Rebels 44-41 in overtime at Allegiant Stadium, Las Vegas. Both teams entered the game with matching 4-1 records, and the contest lived up to the hype with high-paced scoring and critical plays. First Quarter: Syracuse Takes Early Lead Syracuse took…
-
Joker 2’s Rotten Tomatoes Score: A Disappointing Turn for the Sequel?
Joker: Folie à Deux, the highly anticipated sequel to 2019’s Joker, has landed with less than stellar reviews, leaving fans and critics divided. Despite initial excitement, the Rotten Tomatoes score for the movie has raised concerns about its overall impact and reception. As of early October 2024, Joker 2 holds a disappointing Rotten Tomatoes score…
-
Student Loan Forgiveness Program from Biden Clarifies Legal Hurdles – Who Stands to Benefit?
In a significant legal victory for President Joe Biden’s administration, a federal judge recently lifted a block on Biden’s student loan forgiveness plan, clearing the way for millions of borrowers to receive relief. The latest iteration of this program, developed after the Supreme Court struck down an earlier attempt, aims to wipe out some or…
-
Europa League Showdown: How to Livestream Porto vs. Manchester United from Anywhere (2024)
The UEFA Europa League 2024 is heating up, and one of the marquee matchups sees FC Porto take on Manchester United at the iconic Estádio do Dragão. With both clubs eager to make their mark in the tournament, fans worldwide are eager to follow the action. Here’s a guide on how to stream this highly…
-
Better Man: Robbie Williams’ Biopic Trailer Promises an Unconventional and Emotional Journey
Robbie Williams’ much-anticipated biopic, Better Man, is set to take audiences on a surreal yet deeply emotional journey through his life, as revealed by the new trailer released on October 2, 2024. Directed by Michael Gracey, known for The Greatest Showman, the film offers an innovative take on the life of the British pop superstar,…
-
Champions League Soccer: How to Watch Slovan Bratislava vs. Manchester City Live From Anywhere
The UEFA Champions League match between Slovan Bratislava and Manchester City promises excitement, as City, the reigning English champions, travel to Slovakia. Taking place on October 1, 2024, at the Tehelne Pole Stadium in Bratislava, the game kicks off at 9:00 p.m. local time (3:00 p.m. Eastern Time). Where to Watch: Team News: Key Match…
-
Gavin Creel: Broadway and ‘American Horror Story’ Star Dies at 48 After Battle with Rare Cancer
Renowned Broadway actor Gavin Creel, aged 48, has tragically passed away following a brief yet fierce battle with a rare and aggressive form of cancer, metastatic melanotic peripheral nerve sheath sarcoma. Diagnosed in July 2024, Creel had been receiving treatment at New York’s Memorial Sloan Kettering before transitioning to hospice care. His death was confirmed…
Dwayne Paschke specializes in writing, management, development, design and Search Engine Optimization. Although he has worked for 8 years in the industry, he never found an ideal person to work with as a partner. Later, he found Sebastian Pearson, and they both found specific understanding between them. Both of them divided their tasks in this project and are running this venture successfully.