20180159 23 and Me blames users for data breachPN
(The hack is much more interesting because of the races they hacked)
Some 23andMe user data has been compromised. Here’s what you need to knowOct. 6, 2023
Hackers targeted data related to Ashkenazi Jews, according to Wire
23andMe confirmed to Wired on Friday that a subset of their user data was compromised by hackers guessing login credentials. Once they were logged in, the hackers accessed additional data using the company’s DNA Relatives feature.
Wired reported that though the data extracted doesn’t appear to include “actual, raw genetic data,” it does include display name, sex, birth year and genetic ancestry like “broadly European” or “broadly Arabian.”
After extracting the data,hackers began selling it on BreachForumsearlier this week and advertised that more than1 million data points were from Ashkenazi Jews. The data was sold from $1 to $10 per accountdepending on how much data was purchased.
In its statement to Wired, 23andMe said, “We were made aware that certain 23andMe customer profile information was compiled through access to individual 23andMe.com accounts. We believe that the threat actor may have then, in violation of our terms of service, accessed 23andme.com accounts without authorization and obtained information from those accounts.”
Who are Ashkenazi Jews?
“Ashkenazim” originally referred to Jews in Germany, but has “come to refer more broadly toJews from Central and Eastern Europe,” according to My Jewish Learning. Roughly half of the world’s Jewish population today identifies as Ashkenazi, per Harvard.
Wired reported, “The full picture of why the data was stolen, how much more the attackers have, and whether it is actually focused entirely on Ashkenazim is still unclear.”
One researcher examined several released files of 23andMe’s compromised data and discovered thatin addition to the file containing 1 million data points on Ashkenazi Jews, another file contained 300,000 data points on “users of Chinese heritage,” per The Record.
How many users does 23andMe have?
In May, 23andMe reported that it hasmore than 14 million users.
(https://www.deseret.com/2023/10/6/23906963/23andme-data-compromised
23andMe blames usersfor data breach, citing recycled passwords
By Eric Revell, Fox Business
Genetic testing company 23andMe is facing a class action lawsuit after users’ data was accessed without authorization – a breach it blames on customers who used a recycled password as login credentials for their account on the home DNA firm’s website.
23andMe wrote in a letter responding to attorneys representing customers whose data was exposed that no breach occurred under the provisions of the California Privacy Rights Act because users targeted in the initial breach were using login credentials that had been exposed in breaches involving other websites through the use of a tactic called “credential stuffing.” The letter was first reported by TechCrunch and confirmed independently by FOX Business.
The company reiterated the position it took when it first revealed the incident in October, writing that “unauthorized actors managed to access certain user accounts in instances where users recycled their own login credentials –
Around 14,000 accounts of 23andMe users were targeted in the initial incident andhackers used those accounts to access the data of 6.9 million users. From the initial 14,000 breached accounts, the hacker accessed information from about 5.5 million DNA Relatives profiles and roughly 1.4 million Family Tree feature profiles connected to the compromised accounts.
“Rather than acknowledge its role in this security disaster, 23andMe has apparently decided to leave its customers out to dry while downplaying the seriousness of these events,” Hassan Zavareei, an attorney
He also noted that “the breach impacted millions of consumers whose data was exposed through the DNA Relatives feature on 23andMe’s platform, not because they used recycled passwords.”
“Of those millions, only a few thousand accounts were compromised due to credential stuffing,” Zavareei added.
In the wake of the breach, hackers posted roughly 1 million data pointsassociated with users of Ashkenazi Jewish heritage and similar data related to over 300,000 users with Chinese heritage.
https://nypost.com/2024/01/03/news/23andme-blames-users-for-data-breach-citing-recycled