Topics
modish
AI
Amazon
Image Credits:Paul Morris/Bloomberg via Getty Images / Getty Images
Apps
Biotech & Health
Climate
Cloud Computing
DoC
Crypto
Enterprise
EVs
Fintech
fund-raise
gismo
Gaming
Government & Policy
Hardware
Layoffs
Media & Entertainment
Meta
Microsoft
Privacy
Robotics
Security
Social
blank
inauguration
TikTok
Transportation
speculation
More from TechCrunch
Events
Startup Battlefield
StrictlyVC
Podcasts
Videos
Partner Content
TechCrunch Brand Studio
Crunchboard
Contact Us
The same hacker who leaked a treasure trove of user data steal from the genic testing company 23andMe two workweek ago has now leaked millions of new user records .
On Tuesday , a cyberpunk who go by Golem published a Modern dataset of 23andMe substance abuser entropy containing records of four million user on the known cybercrime assembly BreachForums . TechCrunch has observe that some of the newly leaked stolen data matches know and public 23andMe user and genetical info .
Golem claim the dataset contains information on citizenry who come from Great Britain , include data from “ the wealthiest citizenry know in the U.S. and Western Europe on this list . ”
23andMe spokesperson Andy Kill said in an emailed argument that the company was made cognisant of this Modern escape today , and that it is “ brush up the information to find out if it is legitimate . ”
On October 6 , 23andMeannounced that hackers had obtained some substance abuser data , claiming that to amass the stolen data the cyberpunk used certificate stuffing — a common proficiency where hacker try combinations of usernames or electronic mail and correspond passwords that are already public from other data point breaches .
In response to the incident , 23andMeprompted user to change their passwordsand encouraged switching on multi - factor certification . On its prescribed page addressing the incident , 23andMe enunciate it has launched an probe with service from “ third - party forensic expert . ” 23andMe blamed the incident on its customer for reusing password , and an opt - in feature article calledDNA congeneric , which allow user to see the information of other prefer - in users whose inherited data matches theirs . If a substance abuser had this feature turned on , in possibility it would leave hack to scrape information on more than one drug user by breaking into a single substance abuser ’s accounting .
There are still a plenty of unanswered questions about this incident . It ’s not known if the hackers really used credentials dressing and not another technique to steal the information , how much drug user information was steal , and what the hacker mean to do with it .
Join us at TechCrunch Sessions: AI
Exhibit at TechCrunch Sessions: AI
The incident appear to have been conducted , or at least launched , several months ago . On August 11 , a cyberpunk on another cybercrime forum called Hydra advertised a readiness of 23andMe user data . That set of user data match some of the user records leaked two week ago , according to a TechCrunch analytic thinking .
On Hydra , the hacker claimed to have 300 terabyte of 23andMe user data , though the hacker did not provide any grounds for this claim .
Regardless of the many unanswered question , what ’s clean-cut is that we still do n’t know the full extent of this data leak . And it ’s not clear that 23andMe get laid yet how much data was taken .
UPDATE , October 18 , 5:32 p.m. ET : This level was update to include the statement from 23andMe ’s spokesperson .
take more on TechCrunch :
