Data Breaches

23andMe Accounts Compromised and Information Offered for Sale on Hacker Forum

An anonymous hacker made hundreds of thousands of 23andMe profiles available for purchase on a hacker forum.

23andMe is a genetics testing company that provides consumers with the ability to discover their traits, health predisposition, carrier status, build family trees, and locate unknown relatives based on their DNA overlaps.

The allegedly stolen profiles from 23andMe contain names, email addresses, phenotype information, DNA-estimated origin, photographs, and connections to potential relatives. The cybercriminal offers a variety of purchase options to encourage bulk purchases, including $ 1,000 for 100 profiles, $5,000 for 1,000 profiles, $20,000 for 10,000 profiles, and $1 per compromised account for those purchasing a vast dataset of 100,000 records.

A few days prior to this sale, the same user offered a limited number of downloads for datasets containing one million profiles from an unnamed genetics company, alleging that the data contained information on notable individuals. Although the number of users who downloaded the bundles was limited, those who did so continued to offer them through new forum posts.