An unidentified hacker claims to have millions of genetic profiles obtained from compromised 23andMe customer accounts. The profiles allegedly contain email addresses, photos, gender, date of birth, and DNA ancestry information. The hacker suggests that this data could be used to target individuals based on their ethnicity.
23andMe, a company that provides genetics testing kits and analyzes saliva samples to generate ancestry and health reports, has confirmed that genuine customer data is being sold on a hacker forum. However, the company states that there is no evidence of a breach in its information systems. Instead, it appears that the hacker gained access to individual customer accounts by reusing credentials obtained from databases of other hacked services on the internet.
The hacker also appears to have created profiles of additional individuals by using the names of relatives connected to 23andMe customers through the company’s “DNA Relatives” feature. This feature allows users to connect with potential relatives who share similar DNA and exchange genetic profiles.
“We are taking this matter seriously and will continue our investigation to validate these initial findings,” stated 23andMe.
On October 2, an anonymous seller posted on a data hacking forum claiming to possess a “one million Ashkenazi database,” referring to individuals of central and eastern European Jewish heritage.
