A hacker recently hacked 23andMe, a biotechnology company that offers genetic analysis to individuals. In total, the DNA data of nearly 7 million individuals was compromised.
Although they are very practical, databases are unfortunately coveted by many hackers. And for good reason: personal and banking data or even passwords of certain users can be sold at a high price on the Dark Web. But that’s not all ! Other, even more sensitive data can also arouse the desire of cybercriminals. The proof ? This Friday 1er December, the company specializing in “recreational” DNA testing, 23andMe, revealed that it had been the victim of a computer hack. In a press release sent to the US Securities and Exchange Commission, the company announced that 14,000 accounts were affected by this attack, or around 0.1% of its base. users.
23andMe: nearly 7 million people affected by this data theft
But that’s not all ! The hacker also stole “a significant number” files related to the genealogy of other users. Thanks to these 14 hacked accounts, the cybercriminal had access to other information since many customers had accepted the sharing of their data in the event of identification of a family link. “The threat actor also accessed a significant number of files containing profile information about other users’ ancestry that they chose to share when opting into 23andMe’s ‘DNA Relatives’ feature “, the company explained in its press release.
In total, the DNA data of 6.9 million people was stolen by the hacker, as revealed by Katie Watson, spokesperson for 23andMe, in an email sent to TechCrunch. Among the stolen data, we find in particular the name of the customers, their year of birth, their location, information concerning their percentage of DNA shared with their parents or even ancestry reports.
In his press releasethe company indicated that there was no “no evidence of a breach of its own systems.” “We believe bad actors were able to access some accounts in cases where users recycled credentials, i.e. the usernames and passwords used on 23andMe.com were the same as those used on other sites that have previously been hacked”, said 23andMe. Furthermore, the company announced that it would implement a “two-factor authentication” to protect against future attacks. It would have been better to think about it before…