DNA analyzing firm 23andMe confirmed a massive data breach that exposed the information of millions of its users. The California-based biotech company announced this alarming issue on Monday, Dec. 4.
However, 23andMe officials clarified that its system wasn't directly hacked by cybercriminals. Instead, the DNA analyzing firm said that hackers logged into tens of thousands of individual accounts.
The American biotech company said that this is only 0.1% of its clients. But, knowing that it was a DNA analyzing firm that was attacked by hackers is more than enough to concern Americans.
DNA Analyzing Firm 23andMe Suffers From Massive Data Breach
According to CBS News' latest report, 23andMe said that it launched an investigation in October after a speculated data breach. It all started when a threat actor claimed that acquired the biotech company's user profile information.
This means that most of the affected individuals are those who used the website and services of 23andMe. At first, the DNA analyzing firm said that it acknowledged a filing with the Securities and Exchange Commission.
This filing claims that the hacker accessed 0.1% of its user accounts. However, 23andMe clarified cybercriminals behind the attack might have been able to access the sensitive details of 6.9 million users.
BBC News reported that the hackers who conducted the latest 23andMe data breach relied on users' old passwords, as well as reused usernames.
For those who are not familiar with this California-based biotech firm, it focuses on analyzing DNA from people's saliva samples. After that, the company will produce reports showing clients' genetic health risks, ancestry, and other similar information.
This means that the details that 23andMe has are quite sensitive. But, should Americans really worry about the data breach?
Read Also : Top Google Expert Claims Chinese Cyberattacks Against Taiwan Alarmingly Increase-With Targets Broadening
What 23andMe Data Was Accessed?
The biotech company confirmed that the hackers were able to access significant numbers of files, which contain profile information about users' ancestry.
It claimed that cybercriminals download sensitive information from other uses linked to the compromised 23andMe accounts. Information stolen by the hackers includes locations, pictures, addresses, birth years, and DNA percentages shared with relatives.
As of writing, the DNA analyzing firm hasn't confirmed if hackers advertised the stolen data to buyers or other cyber attackers. The latest data breach against the company shows the importance of cybersecurity behaviors of businesses.
"Poorly secured accounts, with weak passwords and no two-factor authentication, put all those sharing their sensitive data at risk," explained CybSafe CEO Oz Alashe.