October 18, 2023 at 02:08PM
An additional 4.1 million stolen 23andMe genetic data profiles for people in Great Britain and Germany have been leaked by a hacker known as ‘Golem’. The data was obtained through credential stuffing attacks on weak passwords. The hacker claims the stolen data includes genetic information on wealthy individuals and a CSV file containing data from 139,172 people in Germany has also been released. Lawsuits have been filed against 23andMe for insufficient protection of customer data.
Meeting Notes:
– A hacker has leaked an additional 4.1 million stolen 23andMe genetic data profiles for people in Great Britain and Germany on a hacking forum.
– The stolen data of 1 million Ashkenazi Jews who used 23andMe services was also leaked earlier this month.
– The stolen data was obtained through credential stuffing attacks on accounts using weak passwords or credentials exposed in other data breaches. 23andMe claims there is no evidence of a security incident on their IT systems.
– Only a limited number of accounts were breached, but those who opted into the ‘DNA Relatives’ feature had their data scraped by the threat actor.
– The leaked data includes genetic information on the royal family, the Rothschilds, and the Rockefellers, although this has not been confirmed.
– An additional 4.1 million data profiles were leaked yesterday, including 4,011,607 lines of 23andMe data for people living in Great Britain, and a separate file with data of 139,172 people living in Germany.
– Some of the leaked data has been verified as matching known and public user and genetic information.
– The threat actor claims to have “hundreds of TBs of data” in their possession, likely indicating that this is the same stolen data.
– It is expected that further data leaks may occur as the threat actor tries to find a buyer for the stolen information.
– Lawsuits have already been filed against 23andMe, accusing the company of insufficient information and inadequate protection of customer data.