Hacker Threatens to Sell Customer Data from Genetic Testing Company 23andMe, Targeting Individuals with Jewish Ancestry
In a disturbing turn of events, a hacker has claimed to possess vast amounts of customer data from popular genetic testing company 23andMe. The cybercriminal, who remains unidentified, is reportedly offering to sell records containing the names, locations, and ethnicities of potentially millions of customers. The hacker first made their intentions known by offering a batch of data that specifically includes individuals with Jewish ancestry.
Acknowledging the severity of the situation, a spokeswoman from 23andMe confirmed the authenticity of the leaked data samples and stated that the company is currently investigating the matter. According to the spokeswoman, it appears that the hacker or their accomplices employed a commonly used technique called credential stuffing. This technique involves using username-and-password combinations obtained from breaches at other companies and testing them to identify reused credentials among 23andMe customers. Once successful logins were discovered, the hacker proceeded to access all available information provided by the account holders’ relatives, sometimes spanning hundreds of individuals per account.
This incident marks the first of its kind at 23andMe, and the company has promptly notified law enforcement agencies about the breach. Although the leaked data does not include genomic details, which are highly sensitive, it contains usernames, regional locations, profile photos, and birth years. It is noteworthy that the usernames often differ from individuals’ actual legal names.
Seeking to mitigate the impacts of the breach, 23andMe is strongly urging its users to change their passwords and enable two-factor authentication to prevent unauthorized access to their accounts. Meanwhile, underground forums have reportedly posted offers to sell the stolen data. The advertised prices range from $1,000 for 100 profiles to a jaw-dropping $100,000 for as many as 100,000 profiles. One specific post claimed to have uploaded a vast database of Ashkenazi Jews, in which even individuals with just 1% Jewish ancestry would be included.
Adding a sinister layer to the situation, some of the posts promoting the sale of the stolen data were attributed to a user named “Golem.” The handle is an allusion to a mythical creature from Jewish folklore.
Given the scale of the potential data breach, it is estimated that the information stolen from 23andMe could potentially affect over half of the company’s 14 million customers. This estimation is based on the number of users who have opted to make their data visible to relatives, including distant cousins.
The mention of Jews in the hacker’s offer is not merely coincidental. It aligns with a troubling trend of increased attacks, both physical and rhetorical, targeted at Jews in the United States. Antisemitism has gained traction on social networks in recent times, amplifying conspiracy theories that wrongfully blame Jews for issues such as illegal immigration, media manipulation, and financial wrongdoings.
The breach at 23andMe serves as a stark reminder of the importance of data security and the potential risks associated with the storage of sensitive personal information. As investigations continue, it remains crucial for individuals to remain vigilant, change their passwords regularly, and exercise caution when providing personal details online.