Posts Tagged: user

23andMe user data breached in credential-stuffing attack

Biotech company 23andMe, known for its DNA testing kits, confirmed to BleepingComputer that its user data is circulating on hacker forums. The company said the leak occurred through a credential-stuffing attack.

A credential-stuffing attack involves user information that has already been compromised (usernames and passwords, for example) from one organization, which a hacker obtains and attempts to reuse with a second organization — in this case, 23andMe. Because of the nature of credential-stuffing, it does not appear this was a breach of the company’s internal systems. Rather, accounts were broken into piecemeal. The perpetrators of this attack appear to have obtained quite sensitive information from the compromised accounts (genetic testing results, photos, full names and geographical location, among other things).

The initial leak comprised “1 million lines of data for Ashkenazi people,” according to BleepingComputer. By October 4, data was being offered for sale in bulk, in increments of 100, 1,000, 10,000 or 100,000 profiles. The scale of the attack is as yet unknown, but the scope of its impact has likely been exacerbated by 23andMe’s ‘DNA Relatives’ feature. “Relatives are identified by comparing your DNA with the DNA of other 23andMe members who are participating in the DNA Relatives feature,” the company states. After accessing an unknown number of profiles via credential-stuffing, the threat actor behind this breach apparently scraped the ‘DNA Relatives’ results for those profiles, netting much more sensitive data. According to the same FAQ page, “The number of relatives listed [..] grows over time as more people join 23andMe.” For the fiscal year 2023, the company reported it “genotyped” around 14 million customers.

Ever since 23andMe went public in 2021, the company has faced extra scrutiny for its data protection practices — rightly so, since it deals with sensitive medical data derived from saliva sampling, including predispositions for diseases like Alzheimer’s, Type 2 diabetes and even cancer. On its website the company claims it “exceeds” data protection standards for its industry.

This article originally appeared on Engadget at https://www.engadget.com/23andme-user-data-breached-in-credential-stuffing-attack-231757254.html?src=rss


Is WeChat spying on user conversations?

If you frequently use WeChat, you might want to be careful with your conversations. A new bombshell report alleges that the popular Chinese messaging platform is spying on messages from users both in China and in foreign countries to fuel its censorship algorithm. That’s a pretty scary accusation. WeChat spying on users This report comes […]

TalkAndroid

OnePlus leaked user emails through ‘Shot On OnePlus’ photo sharing app

The Oppo spinoff’s latest in a long line of blunders involves the leaking of hundreds of user emails through the insecure servers of their photo sharing app. OnePlus has a long history of being caught up in lies, deceits, and other needless controversies; from confusingly pointless and offensive schemes such as ‘Ladies First’ awarding the […]

TalkAndroid

500px reveals 2018 breach that exposed user data

Photo-sharing platform 500px has revealed that it suffered a security breach that exposed its users' data and profile information. While the company's engineers have only just discovered the unauthorized entry, it actually happened way back on July 5…
Engadget RSS Feed

Amazon goofed, accidentally allowed one Echo user to listen to someone else’s recorded messages

Amazon has apparently made a pretty big mistake with their Echo devices by giving a user in Germany access to someone else’s recorded messages. The error wasn’t the Echo or Alexa’s fault in any way, so don’t freak out about your Echo Dot in the corner, but it’s still a fairly big mess up on […]

TalkAndroid

‘MechWarrior 5’ will revolve around co-op and user mods

Piranha Games is starting to open up on what MechWarrior 5: Mercenaries will entail after a year of teasing, and it's good news if you don't always want to play alone. The robot battler should launch in December 2018 with co-op play as a central fe…
Engadget RSS Feed

Conspiracy theorists think this ancient Greek statue depicts a laptop user

Conspiracy theorists think time travelers brought laptops back to the ancient Greeks — presumably via TARDIS or a plutonium-powered DeLorean — pointing to a marble statue to make their point. It was probably just a chest.

The post Conspiracy theorists think this ancient Greek statue depicts a laptop user appeared first on Digital Trends.

Cool Tech–Digital Trends

Yahoo just released a ton of user data in the name of academia

In what is purported to be the largest cache of Internet data ever granted to researchers, Yahoo is granting universities access to the online behaviors of some 20 million anonymous users.

The post Yahoo just released a ton of user data in the name of academia appeared first on Digital Trends.

Cool Tech–Digital Trends