A major breach of personal data has occurred at 23andMe, a popular genetic testing service that allows users to discover their ancestry and health risks. According to a report by Decrypt [1], hackers used a technique called credential stuffing to access the accounts of more than 10,000 customers and steal their genetic information.
Credential stuffing is a type of cyberattack that involves using stolen or leaked usernames and passwords from one website to try to log into another website. The hackers exploited the fact that many people reuse the same passwords across different platforms, and were able to access the 23andMe accounts of those who had used the same credentials elsewhere.
The stolen data includes the customers’ names, email addresses, phone numbers, and most importantly, their genetic reports. These reports contain sensitive information about the customers’ ancestry, ethnicity, health conditions, traits, and relatives. The hackers could potentially use this data for identity theft, blackmail, or other malicious purposes.
23andMe has confirmed the breach and said that it has notified the affected customers and reset their passwords. The company also said that it has implemented additional security measures to prevent future attacks. However, some customers have expressed their anger and frustration over the incident, and questioned the company’s ability to protect their privacy.
The breach highlights the risks of entrusting personal data to third-party services, especially those that deal with biometric or genetic information. Users are advised to use strong and unique passwords for each website they use, and to enable two-factor authentication whenever possible. Additionally, users should be careful about what kind of data they share online, and who they share it with.
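On the service side, credential stuffing as described above leaves a recognizable pattern in login logs: one source tries many different accounts, and most attempts fail. The following is an added example, not code from 23andMe or from the report; the event format, thresholds, addresses and account names are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample login events: (source_ip, username, success).
# Addresses come from the documentation ranges; accounts are made up.
SAMPLE_EVENTS = (
    # One source, eight different accounts, a single hit: stuffing pattern.
    [("203.0.113.7", f"user{i}@example.com", i == 3) for i in range(8)]
    # A real user who mistypes once and then logs in.
    + [("198.51.100.20", "alice@example.com", False),
       ("198.51.100.20", "alice@example.com", True)]
    # Repeated guessing against ONE account: brute force, not stuffing.
    + [("192.0.2.50", "bob@example.com", False)] * 10
)


def detect_stuffing(events, min_users=5, max_success_ratio=0.2):
    """Flag sources that try many distinct accounts and mostly fail.

    Returns {ip: summary}. Accounts that logged in successfully from a
    flagged source are listed for a forced password reset, because the
    reused password is known to the attacker.
    """
    per_ip = defaultdict(lambda: {"users": set(), "attempts": 0, "hits": set()})
    for ip, user, success in events:
        stats = per_ip[ip]
        stats["users"].add(user)
        stats["attempts"] += 1
        if success:
            stats["hits"].add(user)

    flagged = {}
    for ip, stats in per_ip.items():
        ratio = len(stats["hits"]) / stats["attempts"]
        # Many distinct usernames is what separates stuffing from a user
        # retrying their own password or a brute force on one account.
        if len(stats["users"]) >= min_users and ratio <= max_success_ratio:
            flagged[ip] = {
                "distinct_users": len(stats["users"]),
                "attempts": stats["attempts"],
                "accounts_to_reset": sorted(stats["hits"]),
            }
    return flagged


if __name__ == "__main__":
    for ip, summary in detect_stuffing(SAMPLE_EVENTS).items():
        print(ip, summary)
```

Counting per source address is the simplest form of this check; attempts spread across many addresses need the same counting keyed on another shared feature.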