Stolen User Data Circulating for Longer Than Initially Known

Genetic testing company 23andMe has reported a security incident after hackers advertised a trove of allegedly stolen user data on a hacking forum last week. However, an investigation has revealed that the allegedly stolen data may have been circulating for much longer than initially known.

The Incident

On August 11, a hacker on a known cybercrime forum called Hydra advertised a set of 23andMe user data that matches some of the data leaked last week on another hacking forum called BreachForums. The hacker claimed to have 300 terabytes of stolen 23andMe user data and stated that they had contacted 23andMe, but that instead of taking the matter seriously, the company asked irrelevant questions.

The Hacker’s Demands

The hacker demanded $50 million for the data, claiming that it would only be sold once. However, they also offered to sell a subset of the data for between $1,000 and $10,000.

Prior Knowledge of the Leak

At least one person saw the Hydra post and publicized it on the open internet long before news of the leak was reported last week. On August 11, a Reddit user wrote on the unofficial 23andMe subreddit, alerting other users to the alleged breach.

Matching User Data

The datasets advertised on BreachForums allegedly contain one million 23andMe users of Jewish Ashkenazi descent and 100,000 23andMe Chinese users. TechCrunch analyzed some of the allegedly stolen data by comparing it to known public genealogy records, such as those published online by hobbyists and genealogists.

Results of Analysis

TechCrunch found several dozen records in the allegedly stolen data that match the same user profile and genetic information found in public genealogy records. This appears consistent with 23andMe’s statement that the stolen data was obtained from ‘certain accounts’ by credential stuffing, a common hacking technique in which passwords that have already been leaked or published online from one service are tried on another service, in the hope that the victim reused a password.

Credential Stuffing

Essentially, 23andMe is blaming users for re-using passwords, and stating that the stolen data was obtained through credential stuffing. This implies that users who reused their login credentials across multiple services may have inadvertently contributed to the breach.
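
The pattern described above, seen from the defender's side, as an added example that is not from the original article or from 23andMe: a source replaying leaked credentials touches many accounts with one or two attempts each, unlike password guessing against a single account. The event format, function name and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample login events (not real data): (source_ip, username, success).
SAMPLE_EVENTS = (
    # One source, eight different accounts, one try each, one hit.
    [("203.0.113.7", f"user{i}", i == 3) for i in range(8)]
    # One source hammering a single account.
    + [("198.51.100.4", "alice", False)] * 10
    # A user who mistyped a password once.
    + [("192.0.2.10", "bob", False), ("192.0.2.10", "bob", True)]
)


def classify_sources(events, min_accounts=5, max_tries_per_account=2.0,
                     min_failure_rate=0.8, brute_force_tries=5):
    """Label each source IP; the thresholds are illustrative assumptions."""
    per_ip = defaultdict(lambda: defaultdict(list))
    for ip, user, ok in events:
        per_ip[ip][user].append(ok)

    verdicts = {}
    for ip, users in per_ip.items():
        attempts = sum(len(r) for r in users.values())
        failure_rate = sum(not ok for r in users.values() for ok in r) / attempts
        tries_per_account = attempts / len(users)
        mostly_failing = failure_rate >= min_failure_rate

        if (mostly_failing and len(users) >= min_accounts
                and tries_per_account <= max_tries_per_account):
            # Wide and shallow: leaked pairs replayed against many accounts.
            label = "credential_stuffing"
        elif mostly_failing and max(len(r) for r in users.values()) >= brute_force_tries:
            # Narrow and deep: many guesses against one account.
            label = "brute_force"
        else:
            label = "normal"

        # A success from a stuffing source means a reused password worked,
        # so that account needs a forced reset and a session review.
        hits = sorted(u for u, r in users.items() if any(r))
        reset = hits if label == "credential_stuffing" else []
        verdicts[ip] = {"label": label, "accounts": len(users), "reset": reset}
    return verdicts


if __name__ == "__main__":
    for ip, verdict in classify_sources(SAMPLE_EVENTS).items():
        print(ip, verdict)
```

Real traffic is usually spread across many source addresses, so the same grouping is often applied to other keys such as user agent or network range as well.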

Consequences of the Breach

The consequences of this breach are still unknown, but it has significant implications for the security and privacy of 23andMe’s users. The company must take immediate action to notify its users and provide them with guidance on how to protect themselves from potential harm.

Response from 23andMe

A representative for 23andMe stated that they are investigating the incident and will take all necessary steps to protect their users’ data. However, the exact nature of their response remains unclear at this time.

Industry Reaction

The industry has been quick to react to the breach, with many companies issuing statements condemning the actions of the hackers and emphasizing the importance of security and privacy for their customers.

Prevention is Key

To prevent similar breaches in the future, companies must prioritize security and take proactive measures to protect their users’ data. This includes implementing robust security protocols, conducting regular security audits, and educating users on how to protect themselves from potential threats.

Conclusion

The 23andMe breach serves as a reminder of the importance of security and privacy in today’s digital landscape. As technology continues to advance and more personal data is collected and stored online, companies must prioritize the protection of their users’ data above all else.

Recommendations for Companies

  • Implement robust security protocols
  • Conduct regular security audits
  • Educate users on how to protect themselves from potential threats
  • Prioritize user data security and privacy

By taking these steps, companies can help prevent similar breaches in the future and ensure that their users’ data remains secure.

Recommendations for Users

  • Use strong and unique passwords
  • Enable two-factor authentication
  • Regularly review account activity
  • Report any suspicious activity to the company

By following these guidelines, users can help protect themselves from potential harm and maintain control over their personal data.