Security Advisory: 23andMe User Data Stolen in Credential Stuffing Attack 

RGSA 10-10-23-01 

Date: October 10, 2023 


Introduction

The public biotechnology and genomics firm 23andMe confirmed on its website on October 6, 2023, that certain 23andMe customer profile information was circulating on hacker forums. The information exposed in this incident includes full names, usernames, profile photos, sex, date of birth, genetic ancestry results, and geographical location. As a result, 23andMe has notified its customers and has urged them to reset their passwords and enable multi-factor authentication (MFA). 

How the Attack Happened

The attackers used credential stuffing to gain access to a set of user accounts on 23andMe. Credential stuffing is a type of cyberattack in which an attacker takes usernames and passwords stolen in an unrelated breach (or purchased on the dark web) and tries them against other websites where the same users are registered. Users who reused their breached login credentials on 23andMe may have been the entry point for this attack.  

A subset of the compromised users had opted into 23andMe’s DNA Relatives feature, which allowed the attackers to scrape the data of those users’ DNA Relative matches.  

The number of accounts affected has not been released or disclosed by 23andMe. 

If you think you may have been affected by this recent breach, reset your password and enable MFA on 23andMe. Whether or not your account was compromised, it is important that cybercriminals cannot leverage your breached credentials to access other websites on which you have an account.  

How to Stay Safe

  1. Reset All Passwords – If you have the bad habit of reusing passwords across different websites, reset those passwords and use a hard-to-guess, complex password on each of those websites.   
  2. Password Manager – To keep track of your complex passwords, consider investing in a password manager. Password managers such as 1Password add a secret key on top of your master password as a unique extra layer of security.  


How Richter Guardian can help you

Richter Guardian can help you determine whether any of your user accounts were involved in a previous breach: 

  • Our platform can determine compromised credentials through comprehensive dark web monitoring. 

Sources

  1. “Addressing Data Security Concerns”. 23andMe. October 6, 2023. Retrieved October 10, 2023.