Incident Details
A hacker has exposed 4.1 million more purloined genetic profiles from people in Great Britain and Germany who are registered with 23andMe. This leak follows a recent disclosure of data belonging to 1 million Ashkenazi Jews using the same service to explore their genetic heritage and predispositions. According to 23andMe's statement to BleepingComputer, the information was obtained through unauthorized access to accounts that had weak passwords or credentials compromised in previous security breaches. The company has stated that there are no indications of a security breach within its own IT infrastructure.
Incident
How Did the Breach Happen?
The security breach occurred as a result of attackers using credential stuffing techniques to gain unauthorized access to accounts with vulnerable passwords or credentials that had been compromised in previous data breaches.
What Data Has Been Compromised?
4.1 million genetic profiles of individuals from Great Britain and Germany have been compromised, potentially containing genetic data related to prominent families such as the royal family, the Rothschilds, and the Rockefellers.
Why Did the Company's Security Measures Fail?
The company's protections failed because the impacted accounts used ineffective passwords, which enabled an unauthorized individual to gain entry.
What Immediate Impact Did the Breach Have on the Company?
The repercussions of the breach are currently under evaluation. The company is conducting an investigation into the recent data leak and will inform customers if their data has been illicitly accessed.
How Could This Have Been Prevented?
Using strong, unique passwords for every account, together with multi-factor authentication, could have averted this security breach.
What Have We Learned from This Data Breach?
This breach underscores the importance of strong, unique passwords and of additional security measures such as multi-factor authentication for safeguarding sensitive information.
Summary of Coverage
A cybercriminal released an additional 4.1 million stolen genetic profiles from 23andMe belonging to individuals in Great Britain and Germany. The security breach was a result of multiple attempts to access accounts with easily guessed passwords. The compromised data comprises genetic details of numerous people, possibly including significant figures such as members of the royal family and affluent families like the Rothschilds and the Rockefellers. The company is currently investigating the incident and taking steps to inform customers impacted by the breach.