Genetic testing company 23andMe has become the latest target of a cyberattack, with a hacker attempting to sell customer records containing names, locations, and ethnicities. The hacker specifically promoted a batch of data that pertained to individuals with Jewish ancestry. 23andMe has confirmed the authenticity of the leaked data and is currently investigating the incident.
It is believed that the hacker or their accomplices employed a common technique called credential stuffing, which involves using username-and-password combinations obtained from previous data breaches to gain unauthorized access to other accounts. This method relies on individuals reusing their login credentials across multiple platforms. Once successful login combinations were identified, the hacker was able to access all the information shared by 23andMe users with their relatives, potentially exposing hundreds of users per account.
A spokesperson for 23andMe stated that the company has reported the breach to law enforcement and stressed that this is the first instance of such an incident occurring at the firm.
The compromised data does not include sensitive genomic details, but it does include usernames, regional locations, profile photos, and birth years. It is worth noting that the usernames are often aliases rather than full legal names.
In response to the breach, 23andMe is urging its users to change their passwords and enable two-factor authentication to prevent unauthorized access using their credentials.
The stolen data has been advertised for sale on underground forums, with prices ranging from $1,000 for 100 profiles up to $100,000 for 100,000 profiles. Some posts even claimed to offer a large database of records pertaining to Ashkenazi Jews, encompassing individuals with even a 1% Jewish genetic background.
Disturbingly, some of the posts promoting the data used the handle “Golem,” a reference to a mythical creature in Jewish folklore. This choice of name garnered attention and highlights the increased targeting and attacks against Jewish communities both online and offline.
The impact of this breach could be significant, as the stolen data potentially compromises the privacy of over half of 23andMe’s 14 million customers. This estimation is based on the number of individuals who have opted to make their data visible to relatives, including distant cousins.
This incident serves as a reminder of the grave risk posed by cyberattacks on genetic testing companies. While the leaked information might not include highly sensitive genomic details, the exposure of personal information, such as usernames, locations, and photos, can still have serious consequences for affected individuals.
Furthermore, the targeting of individuals based on their Jewish ancestry is deeply concerning. It coincides with a rise in antisemitic rhetoric and physical attacks in the United States, with social media platforms amplifying conspiracy theories that blame Jews for various societal issues. This breach underscores the importance of robust cybersecurity measures and the need to combat discrimination and hatred in all its forms.
As 23andMe investigates this breach and takes steps to mitigate the damage, it is crucial for users of the platform to heed the company’s advice and take immediate action to secure their accounts. Additionally, it is imperative for society as a whole to address and counteract the rise of bigotry and prejudice, both online and offline, to ensure the safety and dignity of all communities.