October 19, 2023
Promo Protect all your devices, without slowing them down. Free 30-day trial
Golem, the hacker who leaked the data of one million Ashkenazi Jews from the 23andMe ancestry service earlier this month has now released 4.1 million more genetic data profiles.
This time the hacker, who is known by the online handle “Golem,” has published a new dataset containing details of what they claim are “the wealthiest people living in the US and Western Europe” on the cybercrime forum BreachForums.
In their announcement of the data’s availability, Golem claims that those who are impacted by the breach include the British Royal Family.
Exposed information includes users’ full names, usernames, profile photos, date of birth, sex, genetic ancestry details, and geographical location.
23andMe says that it is “reviewing the data to determine if it is legitimate.” It has also brought in third-party experts to help it with the investigation.
It certainly seems plausible that this latest leak is real. Earlier this month 23andMe confirmed that data of some of its users had been compromised, although they said that this was not the result of a data breach on their part – but instead the result of an attacker using credential stuffing techniques to break into accounts that were “protected” by passwords already revealed in other third-party data breaches.
As a consequence, all 23andMe users were required to reset their passwords “out of caution,” reminded of the need to never reuse passwords, and encouraged to enable multi-factor authentication.
In addition, there is speculation that 23andMe customers who had enabled a feature called “DNA Relatives” (23andMe describes it as a way of allowing you to “find and connect with other DNA Relative participants, and to learn more about your family story”) may haveunwittingly allowed any hackers who gained access to their accounts to also scrape the details of others.
23andMe’s own documentation states that “people with European or Ashkenazi ancestry typically have many matches” through the “DNA Relatives” feature, something which – it appears – the hacker has been able to abuse to their considerable advantage.
As previously discussed, the implications of the leaking of DNA data can be considerable.