23andMe User Data Stolen in Targeted Attack on Ashkenazi Jews::At least a million data points from 23andMe accounts appear to have been exposed on BreachForums. While the scale of the campaign is unknown, 23andMe says it’s working to verify the data.
Yeah I knew submitting dna samples to companies wasn’t a good idea because they give data to police departments but it didn’t occur to me to use it to target minorities.
The accounts compromised were ones that had reused their passwords and the only way to get genomic data from an account is for a link to be sent to your email account.
Something something about police departments targeting minorities…
Some of those that work forces…
“We believe that the threat actor may have then, in violation of our terms of service, accessed 23andme.com accounts without authorization and obtained information from those accounts.”
Good to know that these cybercriminals not only skirted the law but also the TERMS OF SERVICE. Must be hardened types to go and break ToS.
Credential stuffing attack. Who wants to wager that the compromised accounts had a LastPass and have never changed their password?
Specifically Jews? Yeesh, that doesn’t sound good.
The full picture of why the data was stolen, how much more the attackers have, and whether it is actually focused entirely on Ashkenazim is still unclear.
From the article, the title is obviously overstated for effect