Posts Tagged: relatives
23andMe hackers accessed ancestry information on millions of customers using a feature that matches relatives
An SEC filing has revealed more details on a data breach affecting 23andMe users that was disclosed earlier this fall. The company says its investigation found hackers were able to access the accounts of roughly 0.1 percent of its userbase, or about 14,000 of its 14 million total customers, TechCrunch notes. On top of that, the attackers were able to exploit 23andMe’s opt-in DNA Relatives (DNAR) feature, which matches users with their genetic relatives, to access information about millions of other users. A 23andMe spokesperson told Engadget that hackers accessed the DNAR profiles of roughly 5.5 million customers this way, plus Family Tree profile information from 1.4 million DNA Relative participants.
DNAR Profiles contain sensitive details including self-reported information like display names and locations, as well as shared DNA percentages for DNA Relatives matches, family names, predicted relationships and ancestry reports. Family Tree profiles contain display names and relationship labels, plus other information that a user may choose to add, including birth year and location. When the breach was first revealed in October, the company said its investigation “found that no genetic testing results have been leaked.”
According to the new filing, the data “generally included ancestry information, and, for a subset of those accounts, health-related information based upon the user’s genetics.” All of this was obtained through a credential-stuffing attack, in which hackers used login information from other, previously compromised websites to access those users’ accounts on other sites. In doing this, the filing says, “the threat actor also accessed a significant number of files containing profile information about other users’ ancestry that such users chose to share when opting in to 23andMe’s DNA Relatives feature and posted certain information online.”
Following the discovery of the breach, 23andMe instructed affected users to change their passwords and later rolled out two-factor authentication for all of its customers. In another update on Friday, 23andMe said it had completed the investigation and is notifying everyone who was affected. The company also wrote in the filing that it “believes that the threat actor activity is contained,” and is working to have the publicly-posted information taken down.
Update, December 2 2023, 7:03PM ET: This story has been updated to include information provided by a 23andMe spokesperson on the scope of the breach and the number of DNA Relative participants affected.
This article originally appeared on Engadget at https://www.engadget.com/23andme-hackers-accessed-ancestry-information-from-thousands-of-customers-and-their-dna-relatives-205758731.html?src=rss
Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics
Amazon’s new pitch: let Alexa speak as your relatives from beyond the grave
At Amazon’s Re:Mars conference, Alexa’s senior vice-president Rohit Prasad exhibited a startling new voice assistant capability: the supposed ability to mimic voices. So far, there's no timeline whatsoever as to when or if this feature will be released to the public.
Stranger still, Amazon framed this copycatting ability as a way to commemorate lost loved ones. It played a demonstration video in which Alexa read to a child in the voice of his recently deceased grandmother. Prasad stressed that the company was seeking ways to make AI as personal as possible. “While AI can’t eliminate that pain of loss, he said, "it can definitely make the memories last.” An Amazon spokesperson told Engadget that the new skill can create a synthetic voiceprint after being trained on as little as a minute of audio of the individual it's supposed to be replicating.
Security experts have long held concerns that deep fake audio tools, which use text-to-speech technology to create synthetic voices, would pave the way for a flood of new scams. Voice cloning software has enabled a number of crimes, such as a 2020 incident in the United Arab Emirates where fraudsters fooled a bank manager into transferring $ 35 million after they impersonated a company director. But deep fake audio crimes are still relatively unusual, and the tools available to scammers are, for now, relatively primitive.