The data of almost 7 million users of the popular genetic testing company 23andMe is now for sale on the dark web, including DNA data. Furthermore, the data of more than 1.3 users of Ashkenazi and Chinese descent is included in the leak.
The most well-known company that offers genetic testing suffered a data scraping incident that exposed a large number of their users to potential incidents.
From a report:
“The information of nearly 7 million 23andMe users was offered for sale on a cybercriminal forum this week. The information included origin estimation, phenotype, health information, photos, identification data and more. 23andMe processes saliva samples submitted by customers to determine their ancestry.
When asked about the post, the company initially denied that the information was legitimate, calling it a “misleading claim” in a statement to Recorded Future News.
The company later said it was aware that certain 23andMe customer profile information was compiled through unauthorized access to individual accounts that were signed up for the DNA Relative feature — which allows users to opt in for the company to show them potential matches for relatives.”
And it gets worse.
Also read: DNA Testing Company, Fooled By Dog DNA
Anyone could see a lot of someone else’s data if they had their profile ID.
“The researcher added that he discovered another issue where someone could enter a 23andme profile ID, like the ones included in the leaked data set, into their URL and see someone’s profile. The data available through this only includes profile photos, names, birth years and location but does not include test results.”