A hacker has recently posted on an online forum, claiming to possess a substantial amount of data purportedly taken from the family genetics website 23andMe.
While this situation has raised concerns, 23andMe promptly responded on Friday, asserting that although certain “customer profile information” had been aggregated from “individual 23andMe.com accounts,” the company itself had not suffered a breach of its systems.
According to 23andMe, there is no evidence to suggest a data security incident within their infrastructure at this point. They posit that the hacker may have amassed passwords stolen from other websites and attempted to utilize them to compromise 23andMe accounts.
This method, commonly called “credential stuffing,” underscores the importance of not using the same password across different platforms, as it can expose individuals to such risks.
To bolster security, experts recommend implementing a second layer of password protection, known as two-factor authentication, which can effectively thwart these cyberattacks.
As for the hacker in question, Reuters encountered difficulties in attempting to contact them. One of the hacker’s posts on the forum has already been removed.
The scale of the breach remains unclear, as the hacker has provided conflicting details regarding the extent and nature of the data they claim to have obtained.