Earlier this month, DNA testing company 23andMe was hit by a cyberattack, and the stolen genetic data of millions of people was posted on a hacker forum.
A hacker leaked 4.1 million stolen 23andMe genetic profiles of people in the UK and Germany on a hacking forum.
Earlier this month, a threat actor leaked stolen data from 1 million Ashkenazi Jews who used 23andMe's services to find their ancestry and genetic information, as well as data from more than 300,000 users of Chinese descent.
The stolen data included ancestry estimation information, phenotypic data, medical information, gender, age, photographs, identity data, last login date, and more.
23andMe told BleepingComputer that this data was obtained through attacks on accounts that used weak passwords or credentials exposed in other data breaches. However, the company says there is no evidence of a security incident on its IT systems.
The well-known company provides users with a comprehensive analysis of their ancestry based on their DNA. The leaked data claims that Elon Musk and Mark Zuckerberg are among its clients, although this has not been verified.
The data breach was not a hack into the company's systems, but rather a mass targeting of individual users, in what is known as a "credential stuffing" attack. This is a type of cyberattack in which account credentials, usually lists of usernames and passwords, stolen in a previous hack are tried to see if people are using the same details.
TechCrunch reported that this week, the same hacker, under the pseudonym Golem, published the second part of 23andMe customer data.
According to the report, the new leak contains 4,011,607 rows of data about people living in the United Kingdom (including the royal family, the Rothschild family, and the Rockefellers), as well as an additional file containing data on 139,172 residents of Germany.
Such hacks are not uncommon, but this one raised a big question: what use is your DNA to hackers?
According to 23andMe, and from the information posted online, no actual genetic information was taken. High-level account data, such as personal information and geographic ancestry details of users, was accessed.
This explains where a person's genes come from. For example, a user might be 50% Irish, 25% Norwegian, 12.5% Welsh, and 12.5% Baltic. This is information that it would be strange to steal.
Professor Alan Woodward, a specialist in cyber security at the University of Surrey, says: “The main value from this hack will be personal information that can be used in fraud operations later. Names, addresses, phone numbers and general personal information. Hackers tend to sell this information to fraudsters, who can then write more targeted spam emails.”
He continued: “In terms of the genetic information itself, it may have some value in the future, but today I can’t see how they could turn it into money - I would say it’s a bit of an opportunistic hack. I would be more concerned if someone had fingerprints. Biometric data, such as your face and fingerprints, cannot be changed.”
But the information generated by commercial DNA tests is not limited to geography. The results also share medical predictions, which show the likelihood of developing certain diseases or characteristics, such as Alzheimer's disease, diabetes or male pattern baldness.
Professor Woodward says: "This information may be important to society one day, and perhaps to insurance companies."
The results may also be used to sabotage someone's career, highlighting health risks that may limit their working life.
Applications that "harm" smartphones!
Technical expert and director of IT-Reserve, Pavel Myasoedov, warned of some applications that could cause harm to smartphones and spy on their data.
In an interview with the Prime website, the expert said: “There are some free applications that we download on our phones that may cause harm to those devices, and they may sometimes hide inside them malicious software that harms the phones and spies on their data.”
He added: “When we download some free applications, such as flashlight applications or some QR code scanning applications, we automatically agree to the terms of use permissions imposed by the developers of that software, and once we agree to those terms and download the application, software developers can sometimes access the data of our devices and spy on them, or we download malware onto our devices, so we should remove all untrusted free applications from our phones if we don't need them.”
Myasoedov pointed out that many applications that harm phones and smart devices have been discovered, including: Contour Level Wallpaper, Video Maker, Accurate Scanning of QR Code, Anime Live Wallpaper, Beauty Slimming Photo Editor, Fingertip Graffiti, GIF Camera Editor, Player & iWallpaper, iHealth Step Counter, Super Flashlight, Super Wallpapers Flashlight, Beauty Camera Plus, Composite Z, Screenshot Capture, and Wuxia Reader.