Hackers’ plans for millions of stolen 23andMe DNA samples.

Hacker’s are intending to make sinister moves on millions of 23andMe DNA samples stolen in early October. A genetic testing company 23andMe, made headlines due to a data breach on the 6th of October 2023. This breach resulted in the compromise of millions of DNA samples, specifically from a feature called DNA relatives.

What’s concerning now is that unverified sources have revealed that this leaked data allegedly includes information about tech billionaires Elon Musk and Mark Zuckerberg. The attack targeted individual users en-masse and employed a technique known as credential stuffing rather than hacking the organization’s systems.

 

Hackers-plans-for-millions-of-stolen-23andMe-DNA-samples.png
                                                                     23andMe Image shot by David Paul Morris. Image-source: Wired

 

The threat actors attempted to test usernames and passwords obtained from previous data breaches to see if they were still in use by the individuals whose data was now in the hands of the hackers.

While 23andMe has claimed that the compromised data doesn’t include actual genetic information, it does include high-level account data such as personal information and breakdowns of the users’ geographic ancestral lineage, all of which were accessed by these threat actors.

The Ancestry breakdown involves analyzing a person’s genetic origins, illustrating their heritage. For instance, an individual might have 40% African, 30% British, 10% Irish, and 20% American genetic heritage.

A professor and Cybersecurity Specialist based in University of Surrey by the name Alan Woodward disclosed that:

“The main value from this hack is going to be personal information that might be used in scams later. Names, addresses, telephone numbers, general personal information-hackers tend to sell this on to scammers, who can then write spam emails that are more targeted. It’s ‘Dear Alan’ rather than ‘Dear valued customer’ so you think they know who you are, and that must be legitimate.”

The professor also have the opinion that of present their are no possible benefits of the DNA, but certainly there may be in the future when looking it from the perspective of monetization.

He (Professor Alan) further emphasized that:

“I’d be more concerned if someone had my fingerprints. Biometric data, like your face, your fingerprints, can’t be changed once it’s out in the public, and can be used to access things.”

While the data produced by the commercial DNA test extends beyond geographical mapping, it also includes predictive medical insights into an individual’s susceptibility to certain diseases like Alzheimer’s and conditions such as male pattern baldness.

Professor Alan said:

“That information may be important in society one day, perhaps for insurance companies. It is one of those things you’d rather not have out there, but probably won’t put you at risk now.”

Undoubtedly, this raises significant apprehensions about ‘DNA manipulation’ in the context of cybersecurity, as there are no constraints preventing individuals from ascertaining whether their potential partner is prone to baldness, cancer, or genetic susceptibility to alcoholism.

Such findings can be exploited to harm someone’s professional standing or character by revealing their health vulnerabilities, which could potentially curtail their career prospects in the public eye.

 

 

 

Put your comments below in the comment section on your thoughts about this.

Find this article and information helpful? Show some love and support  “Click-Here”
5 1 vote
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments