The same hacker who leaked a trove of user data stolen from the genetic testing company 23andMe two weeks ago has now leaked millions of new user records.
On Tuesday, a hacker who goes by Golem published a new dataset of 23andMe user information containing records of 4 million users on the known cybercrime forum BreachForums. TechCrunch has found that some of the newly leaked stolen data matches known and public 23andMe user and genetic information.
Golem claimed the dataset contains information on people who come from Great Britain, including data from “the wealthiest individuals residing within the U.S. and Western Europe on this record.”
23andMe spokespeople didn’t immediately respond to a request for comment.
On October 6, 23andMe announced that hackers had obtained some user data, claiming that to amass the stolen data the hackers used credential stuffing, a common technique in which hackers try combinations of usernames or emails and corresponding passwords that are already public from other data breaches.
Contact Us
Do you have more information about the 23andMe incident? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase, and Wire @lorenzofb, or email lorenzo@techcrunch.com. You can also contact TechCrunch via SecureDrop.
In response to the incident, 23andMe prompted users to change their passwords and encouraged switching on multi-factor authentication. On its official page addressing the incident, 23andMe said it has launched an investigation with help from “third-party forensic consultants.” 23andMe blamed the incident on its customers for reusing passwords, and on an opt-in feature called DNA Relatives, which allows users to see the data of other opted-in users whose genetic data matches theirs. If a user had this feature turned on, in theory it would allow hackers to scrape data on more than one user by breaking into a single user’s account.
There are still a lot of unanswered questions about this incident. It’s not known if the hackers actually used credential stuffing and not another method to steal the data, how much user data was stolen, and what the hackers intend to do with it.
The incident appears to have been carried out, or at least launched, several months ago. On August 11, a hacker on another cybercrime forum called Hydra advertised a set of 23andMe user data. That set of user data matched some of the user records leaked two weeks ago, according to a TechCrunch analysis.
On Hydra, the hacker claimed to have 300 terabytes of 23andMe user data, though the hacker didn’t provide any evidence for this claim.
Regardless of the many unanswered questions, what’s clear is that we still don’t know the full extent of this data leak. And it’s not clear that 23andMe knows yet how much data was taken.