Cybercriminals Steal and Sell Your DNA From Genetic Testing Company

On October 6th, the genetic testing company 23andMe released a data security statement to address concerns that its database had been breached. The concerns arose when an unidentified user on a hacker forum claimed to have obtained data from over 7 million 23andMe users. The post included a link, purportedly to a file containing all of this stolen data, which has since been deleted. However, another user on the forum also claims to have access to harvested 23andMe customer data and is offering it for sale for $100,000 for 100,000 profiles.

23andMe at first denied that any breach had occurred, but then said that any data that may have been unlawfully accessed by unauthorized parties is probably a result of credential stuffing. Credential stuffing is an attack in which login information stolen from one website is reused by the hackers on other websites. This works because people often reuse the same usernames and passwords for multiple websites. 23andMe’s public statement recommends that users change their passwords and make sure that they are strong and not used for any other accounts they might have.
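The login pattern that credential stuffing leaves behind, as an added detection example that is not from 23andMe or the original article: one source tries many different accounts once or twice each, unlike a brute-force run against a single account. The event format, function names, and thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed login events (source_ip, username, success); IPs are documentation ranges.
SAMPLE_EVENTS = (
    [("203.0.113.10", f"user{i}", i == 3) for i in range(8)]       # one try each, many accounts
    + [("198.51.100.7", "alice", False)] * 12                      # many tries, one account
    + [("192.0.2.55", "bob", False), ("192.0.2.55", "bob", True)]  # a user mistyping once
)

def summarize(events):
    """Group events as ip -> username -> [attempts, successes]."""
    per_ip = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    for ip, user, ok in events:
        per_ip[ip][user][0] += 1
        per_ip[ip][user][1] += int(ok)
    return per_ip

def classify_sources(events, min_accounts=5, max_tries_per_account=2.0,
                     brute_force_tries=10, min_fail_ratio=0.5):
    """Label each source IP; all thresholds are illustrative assumptions."""
    labels = {}
    for ip, users in summarize(events).items():
        attempts = sum(a for a, _ in users.values())
        successes = sum(s for _, s in users.values())
        fail_ratio = (attempts - successes) / attempts
        if fail_ratio < min_fail_ratio:
            labels[ip] = "normal"
        elif len(users) >= min_accounts and attempts / len(users) <= max_tries_per_account:
            # Breadth over depth: many accounts, each tried with one or two reused passwords.
            labels[ip] = "credential_stuffing"
        elif max(a for a, _ in users.values()) >= brute_force_tries:
            labels[ip] = "brute_force"
        else:
            labels[ip] = "normal"
    return labels

def accounts_to_reset(events):
    """Accounts a stuffing source logged in to: the reused password worked."""
    labels = classify_sources(events)
    return sorted({user for ip, user, ok in events
                   if ok and labels[ip] == "credential_stuffing"})

if __name__ == "__main__":
    print(classify_sources(SAMPLE_EVENTS))
    print(accounts_to_reset(SAMPLE_EVENTS))
```

Grouping by source IP alone misses attempts spread across many addresses, so in practice this check is paired with site-wide signals such as a jump in the overall failed-login rate.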

While 23andMe has indicated that its internal investigation is still ongoing, the company believes some users’ data may have been accessed through its DNA Relatives Feature. This popular feature allows users to connect with genetic relatives who also use 23andMe and have also opted into the DNA Relatives Sharing feature. It matches up genetic relations and shows each match information such as your display name, your profile picture, your sex, any relatives you may have in common, the percentage of DNA you share, and a prediction of what your familial relationship to each other may be.

There are some concerns that this data breach and the subsequent sale of personal data on the dark web may be targeting users of Jewish descent. Hackers posting on the forum BreachForums claimed to have stolen data exclusively about Ashkenazi Jews, and indications are that this data is exactly the type of information that would be available to a match through the DNA Relatives Feature. Some users are apparently selling the data for prices ranging between $1 and $10 per account. Now is the time to tighten security on all your online accounts, whether you are a 23andMe customer or not. Personal information is a lucrative commodity for unscrupulous criminals.

Copyright 2023,