23andMe's database hacked in what appears to a target attack on Ashkenazi Jewish users

image
a chain link fence by Warren Umoh is licensed under Unsplash unsplash.com
According to a report from NBC News, those with Ashkenazi Jewish ancestry who have used the genetic testing service 23andMe, may have their data leaked and shared all over the internet thanks to hackers. About half of all Jewish people are of Ashkenazi descent, meaning their anscestors hailed from central or eastern Europe. 

A database that has been allegedly shared on several dark web forums and viewed by NBC News itself, has a list of 999,999 people who supposedly used the 23andMe service.

The database includes tons of sensitive information including first names, last names, sex and 23andMe's evaluation of where their ancestors came from. The database is titled, "Ashkenazi DNA Data of Celebrities." However, according to NBS News, most of the people on the database are not famous.

The database appears to have been sorted to only include people with Ashkenazi heritage. NBC News was able to verify the data of two 23andMe users in the breach as "authentic." One person who appears in the database said, "Crazy, this could be used by Nazis."

23andMe is actively investigating the breach, treating the leak as authentic. A 23andMe spokesperson said that the company believes that their database wasn't exactly hacked.

The spokesperson said that instead, they believe the hackers "simply gained some users' passwords" that had been hacked and leaked from other sites and that they "then exploited the fact that 23andMe can give users vast access to each others' genetic information."

According to NBC News, a user on a popular hacker forum claimed to have allegedly made an even larger database of users for sale. However, it is unclear if the person who compiled the list to include only Ashkenazi heritage is the same person or group who initially made it for sale.

According to Wired, the initial data sample posted by a group of hackers on the platform BreachForums, claimed that it contained one million data points exclusively about those of Ashkenazi heritage. 

Hundreds of thousands of users of Chinese descent also seem to have been impacted by the leak. During the initial sale, the 23andMe profiles were being sold for anything between one and 10 dollars.

23andMe said, "We were made aware that certain 23andMe customer profile information was compiled through access to individual 23andMe.com accounts. We believe that the threat actor may have then, in violation of our terms of service, accessed 23andMe.com accounts without authorization and obtained information from those accounts."

The entire picture of why the data was stolen, how much more the attackers have and whether it is truly focused entirely on those of Ashkenazim heritage is still unclear. 

Brett Callow, a threat analyst at security firm Emsisoft, said, "When data is shared relating to ethnic, national, political or other groups, sometimes it's because those groups have been specifically targeted, but sometimes it's because the person sharing the data thinks it'll make reputation-boosting headlines."

Callow said, "This incident really highlights the risks associated with DNA databases. The fact that accounts had reportedly opted into the 'DNA Relatives' feature is particularly concerning as it could potentially result in extremely sensitive information becoming public."

 
For corrections or revisions, click here.
The opinions reflected in this article are not necessarily the opinions of LET
Sign in to comment

Comments

Powered by LET CMS™ Comments

Get latest news delivered daily!

We will send you breaking news right to your inbox

© 2024 Law Enforcement Today, Privacy Policy