A hacker recently posted millions of records stolen from genetics testing company 23andMe.
This follows a smaller release due to another data breach at the beginning of October that contained several hundred thousand records, including what was reported to be many high-profile accounts like Meta founder Mark Zuckerburg and Uber/SpaceX/X CEO Elon Musk.
The complete scope of the data breach is unclear, but the released files focus on profile records of wealthy individuals in the US, the UK, and Europe.
The previous release focused on individuals with a genetic heritage that ties to the Ashkenazi Jews of central Europe.
The hacker goes by the name Golem – a Jewish term for an uncultivated person.
The data was obtained by a method called “credential stuffing,” which is a simple process of pulling dark web passwords from other sites and attempting logins using these same ID/password combinations en masse.
23andMe has made a plea to users to change or update their passwords on the site to prevent further breaches.
One of the issues that exacerbated the breach was a feature that allows users to share data with other users in an attempt to make connections with relatives.
But this also means that hackers would be able to gain entry into a single profile and then scrape data from all users that share data with the breached account.
It is unclear what the hacker intends to do with the information released.
Some speculate that the high-profile nature of the victims, the personal nature of the data, and the focus on certain ethnic groups or wealthy individuals are simply a way for the hacker to increase their clout.
Leave a Reply