23andMe claims hackers accessed “significant number” of user ancestry files
Genetic essay business 23andMe announcement on Friday that the Pirates accessed around 14,000 customer accounts In THE the company recent data violation.
In A new deposit with THE WE. Securities And Exchange Commission published Friday, THE business said that, base on It is investigation In THE incident, he had determined that the Pirates had accessed 0.1% of It is customer base. According to has THE the company most recent annual earnings report, 23andMe has "more that 14 million clients global," which means 0.1% East around 14,000.
But THE business Also said that by to access those accounts, THE the Pirates were Also able has to access "A significant number of files containing profile information about other users' ancestry that such users selected has share When opt In has 23andMe DNA Parents functionality. »
THE business did not specify What that "significant number" of files East, neither how a lot of these "other users" were impacted.
23andMe did not immediately answer has A request For comment, which included questions on those numbers.
In early October, 23andMe disclosed A incident In which the Pirates had stolen a few users' data using A common technical known as “credentials Padding," by which cybercriminals To hack In A the victim account by using A known password, maybe leak due has A data infringe on another service.
THE Shame, However, did not stop with THE clients WHO had their accounts accessed. 23andMe allow users has opt In A functionality called DNA Parents. If A user registration has that functionality, 23andMe actions a few of that users information with others. That means that by to access A the victim account, the Pirates were Also able has see THE staff data of people connected has that initial victim.
23andMe said In THE deposit that For THE initial 14,000 users, THE stolen data "in general included ancestry information, And, For A subset of those accounts, health related information base on THE users genetic." For THE other subset of users, 23andMe only said that THE the Pirates stole "profile information" And SO job unspecified "certain information" online.
TechCrunch analysis THE published sets of stolen data by comparing he has known public genealogy Recordings, including websites published by amateurs And genealogists. Although THE sets of data were formatted differently, they content a few of THE even unique user And genetic information that assorted genealogy recordings published online years earlier.
THE owner of A genealogy website, For which a few of their parents' information was exposed In 23andMe data infringe, said TechCrunch that they to have about 5,000 parents discovered through 23 and me, And said OUR “correlations could take that In account."
News of THE data infringe surfaced online In October When the Pirates announcement THE alleged data of A million users of Jewish Ashkenazi descent And 100,000 Chinese users on A well known piracy forum. Roughly two weeks later, THE even pirate WHO announcement THE initial stolen user data announcement THE alleged recordings of four million more people. THE pirate was trying has sell THE data of individual victims For $1 has $10.
TechCrunch find that another pirate on A different piracy forum had announcement even more allegedly stolen user data two month Before THE advertisement that was initially reported by news electrical outlets In October. In that First of all advertisement, THE pirate claims has to have 300 terabytes of stolen 23andMe user data, And request For $50 million has sell THE entire database, Or between $1,000 And $10,000 For A subset of THE data.
In answer has THE data infringe, on October ten, 23andMe strength users has reset And change their Passwords And encouraged them has turn on multifactor authentication. And on November 6, THE business required all users has to use two step verification, according to has THE new deposit.
After THE 23andMe infringe, other DNA essay companies Ancestry And My heritage begin mandate two-factor authenticated....
Genetic essay business 23andMe announcement on Friday that the Pirates accessed around 14,000 customer accounts In THE the company recent data violation.
In A new deposit with THE WE. Securities And Exchange Commission published Friday, THE business said that, base on It is investigation In THE incident, he had determined that the Pirates had accessed 0.1% of It is customer base. According to has THE the company most recent annual earnings report, 23andMe has "more that 14 million clients global," which means 0.1% East around 14,000.
But THE business Also said that by to access those accounts, THE the Pirates were Also able has to access "A significant number of files containing profile information about other users' ancestry that such users selected has share When opt In has 23andMe DNA Parents functionality. »
THE business did not specify What that "significant number" of files East, neither how a lot of these "other users" were impacted.
23andMe did not immediately answer has A request For comment, which included questions on those numbers.
In early October, 23andMe disclosed A incident In which the Pirates had stolen a few users' data using A common technical known as “credentials Padding," by which cybercriminals To hack In A the victim account by using A known password, maybe leak due has A data infringe on another service.
THE Shame, However, did not stop with THE clients WHO had their accounts accessed. 23andMe allow users has opt In A functionality called DNA Parents. If A user registration has that functionality, 23andMe actions a few of that users information with others. That means that by to access A the victim account, the Pirates were Also able has see THE staff data of people connected has that initial victim.
23andMe said In THE deposit that For THE initial 14,000 users, THE stolen data "in general included ancestry information, And, For A subset of those accounts, health related information base on THE users genetic." For THE other subset of users, 23andMe only said that THE the Pirates stole "profile information" And SO job unspecified "certain information" online.
TechCrunch analysis THE published sets of stolen data by comparing he has known public genealogy Recordings, including websites published by amateurs And genealogists. Although THE sets of data were formatted differently, they content a few of THE even unique user And genetic information that assorted genealogy recordings published online years earlier.
THE owner of A genealogy website, For which a few of their parents' information was exposed In 23andMe data infringe, said TechCrunch that they to have about 5,000 parents discovered through 23 and me, And said OUR “correlations could take that In account."
News of THE data infringe surfaced online In October When the Pirates announcement THE alleged data of A million users of Jewish Ashkenazi descent And 100,000 Chinese users on A well known piracy forum. Roughly two weeks later, THE even pirate WHO announcement THE initial stolen user data announcement THE alleged recordings of four million more people. THE pirate was trying has sell THE data of individual victims For $1 has $10.
TechCrunch find that another pirate on A different piracy forum had announcement even more allegedly stolen user data two month Before THE advertisement that was initially reported by news electrical outlets In October. In that First of all advertisement, THE pirate claims has to have 300 terabytes of stolen 23andMe user data, And request For $50 million has sell THE entire database, Or between $1,000 And $10,000 For A subset of THE data.
In answer has THE data infringe, on October ten, 23andMe strength users has reset And change their Passwords And encouraged them has turn on multifactor authentication. And on November 6, THE business required all users has to use two step verification, according to has THE new deposit.
After THE 23andMe infringe, other DNA essay companies Ancestry And My heritage begin mandate two-factor authenticated....
What's Your Reaction?
