23andMe, a biotech company known for its DNA testing kits, has confirmed that its user data is circulating on hacker forums. The company has stated that the leak occurred as a result of a credential-stuffing attack.
A credential-stuffing attack involves the reuse of compromised user information, such as usernames and passwords, from one organization to gain unauthorized access to another organization’s systems. In this case, the attackers used previously compromised credentials to gain access to 23andMe accounts. It is important to note that this attack does not appear to be a breach of the company’s internal systems, but rather a piecemeal compromise of individual accounts. The attackers were able to obtain sensitive information from these compromised accounts, including genetic testing results, photos, full names, and geographical locations.
The initial leak consisted of “1 million lines of data for Ashkenazi people,” as reported by BleepingComputer. By October 4, the data was being offered for sale in bulk…
2023-10-06 18:17:57
Post from www.engadget.com