Genetic testing firm 23andMe has suffered a data breach.
1 million data points exclusively about Ashkenazi Jews have been advertised for sale on a cybercrime forum. There's also information about hundreds of thousands of users of Chinese descent.
It appears to be a credential stuffing attack—where previously leaked logins and passwords from other sites are tried on 23andMe—with the attackers then scraping data from profiles
npub1jpjhesv3j86lc2hgkuvwpewhzefl8x4mlhz373t2dmgka7yg6zxsnzdkzf (npub1jpj…dkzf)'s story has all the details we know so far:
https://www.wired.com/story/23andme-credential-stuffing-data-stolen/ #cybersecurity #news #tech #23andme #infosec
Matt Burgess /
npub1he…eam87
2023-10-07 07:51:17
Author Public Key
npub1heqvu9zdpaak57gh5yy5w3s4detwzesnj30fhug9m5qdd9yf8yxqneam87Published at
2023-10-07 07:51:17Event JSON
{
"id": "e38d32d48b51b7622f7a627cbb021e98e9b14ae3dfce238ee4a9a4a4c77f8e4f",
"pubkey": "be40ce144d0f7b6a7917a1094746156e56e16613945e9bf105dd00d69489390c",
"created_at": 1696665077,
"kind": 1,
"tags": [
[
"p",
"90657cc19191f5fc2ae8b718e0e5d71653f39abbfdc51f456a6ed16ef888d08d",
"wss://relay.mostr.pub"
],
[
"p",
"184f1d15cd546d96cca388276fdb3843cd94bbd2e4da2899cad768d86d70c1c7",
"wss://relay.mostr.pub"
],
[
"t",
"cybersecurity"
],
[
"t",
"news"
],
[
"t",
"tech"
],
[
"t",
"23andme"
],
[
"t",
"infosec"
],
[
"proxy",
"https://infosec.exchange/users/mattburgess/statuses/111192642495010613",
"activitypub"
]
],
"content": "Genetic testing firm 23andMe has suffered a data breach. \n\n1 million data points exclusively about Ashkenazi Jews have been advertised for sale on a cybercrime forum. There's also information about hundreds of thousands of users of Chinese descent.\n\nIt appears to be a credential stuffing attack—where previously leaked logins and passwords from other sites are tried on 23andMe—with the attackers then scraping data from profiles\n\nnostr:npub1jpjhesv3j86lc2hgkuvwpewhzefl8x4mlhz373t2dmgka7yg6zxsnzdkzf's story has all the details we know so far: \n https://www.wired.com/story/23andme-credential-stuffing-data-stolen/ #cybersecurity #news #tech #23andme #infosec",
"sig": "d1b5b006602915c26e6ca2e0c373e43e468cb1ea6b1b18e5848c35693e6481ae67d6c1f316606c5dcc1f0f80e2c8124deb6f3a372b4152061f454cb167d31705"
}