A hacker has leaked an extra 4.1 million stolen 23andMe genetic information profiles for folks in Nice Britain and Germany on a hacking discussion board.
Earlier this month, a risk actor leaked the stolen information of 1 million Ashkenazi Jews who used 23andMe companies to search out their ancestry information and genetic predispositions.
23andMe informed BleepingComputer that this information was obtained via credential stuffing assaults on accounts utilizing weak passwords or credentials uncovered in different information breaches. Nevertheless, the corporate says there isn’t any proof of a safety incident on their IT methods.
Supply: BleepingComputer
The corporate says that solely a restricted variety of accounts had been breached, however they opted into the ‘DNA Family‘ characteristic, permitting the risk actor to scrape hundreds of thousands of particular person’s information.
One other 4.1 million information packs leaked
Yesterday, a risk actor named ‘Golem,’ who’s allegedly behind the 23andMe assaults, leaked an extra 4.1 million information profiles of individuals in Nice Britain and Germany on the BreachForums hacking discussion board.
This extra leak contains 4,011,607 strains of 23andMe information for folks dwelling in Nice Britain.
The risk actors declare that the stolen information contains genetic data on the royal household, the Rothschilds, and the Rockefellers. BleepingComputer has not been in a position to verify if these statements are correct.
“You’ll be able to see the wealthiest folks dwelling within the US and Western Europe on this checklist,” the hackers say within the under discussion board publish.
Immediately, the identical hacker launched an extra CSV file containing the 23andMe information of 139,172 folks dwelling in Germany.
As reported by TechCrunch, a few of the newly leaked information from Nice Britain has been verified as matching recognized and public person and genetic data.
TechCrunch additionally stories that a few of the leaked 23andMe information was being offered in August 2023 on the now-shutdown Hydra hacking discussion board, the place the risk actor claimed to have stolen 300 terabytes of information.
The risk actor on BreachForums additionally claims to have “lots of of TBs of information” of their possession, seemingly indicating that this is similar stolen information.
With the quantity of allegedly stolen data, we’ll seemingly proceed to see additional information leaks because the risk actor makes an attempt to drum up sufficient curiosity to get a purchaser.
Whereas 23andMe says that solely a small variety of buyer accounts had been breached, the DNA Family characteristic turned this right into a considerably bigger information leak.
These leaks have already led to a myriad of lawsuits in opposition to 23andMe that declare there’s a ignorance concerning the breach and that the corporate didn’t adequately defend clients’ information.
