Privacy, Data Security

Data-scraping attack against 23andMe hits 1.3M

Major U.S. biotechnology and genetic testing firm 23andMe was discovered by a security researcher to have had data from more than 1.3 million Ashkenazi Jew and Chinese users compromised in a data-scraping incident, reports The Record, a news site by cybersecurity firm Recorded Future. Such a discovery comes after 23andMe dismissed information on a hacking forum selling data from almost 7 million of its users as "misleading" and said that some information from users that sought the company's DNA Relative feature was obtained by threat actors not through hacking its systems but via credentials leaked in other cyberattacks. Information impacted by the incident included individuals' names, genders, birth years, ancestral heritage results, maternal and paternal genetic markers, profile and account numbers, and details regarding opt-ins to 23andMe health data, said the researcher. The researcher also noted that entering exposed 23andMe profile IDs could also enable access to certain types of information. "23andMe seems to think this isn't a big deal... And the fact that someone was able to scrape this data from 1.3 million users is concerning. The hacker allegedly has more data that they have not released yet," the researcher added.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.