A month after reporting the data breach incident, 23andMe has now revealed more details on the hack – that the perpetrators stayed for months in their systems!
In a legal filing, 23andMe said that the hackers used credential stuffing to breach customer accounts and stole the data of millions of users in their database. And it’s only after a Reddit user posted the sample data online, the company reacted and investigated.
Going Unnoticed for Months!
Last month, 23andMe, a genetic testing company, was revealed to be hacked by an unknown threat actor, which resulted in the sensitive data of it’s customers being stolen. The company noted that the DNA Relatives profiles of roughly 5.5 million customers and the Family Tree profile information of 1.4 million DNA Relative participants were affected.
A legal filing this week revealed more details on this incident, noting that the hackers had stayed in 23andMe’s network since late April 2023 and were detected in September 2023. The company said the hackers used credential stuffing to access customer accounts.
TechCrunch noted that hackers had been selling the stolen data of 23andMe in underground hacking forums for a few months. And the company only noticed when a Reddit user posted a sample of the stolen data in October. The leaked data includes customer names, birth dates, ancestry and health-related data.
What’s stirring is that 23andMe had reportedly tuned it’s terms of service after the incident and made it harder for the affected people to join forces and sue the company. Anyhow, apologizing for the leak, the company now suggests that customers change their passwords.
Other Trending News:- News
