A hacker has released millions of additional genetic profiles stolen from DNA testing firm 23andMe, claiming that the leaked dataset includes members of the Royal Family and other notables with British ancestry.
The hacker using the moniker ‘Golem’ on Tuesday published the genetic profiles on the cybercrime marketplace BreachForums, citing anger at Israel and its supporters as a motive for the leak.
The dataset includes four million 23andMe customers who have ancestry in Great Britain, Golem claimed, saying the genetic profiles include ‘wealthy families serving Zionism’ and ‘the wealthiest people living in the US and Western Europe.’
‘There are samples from hundreds of families, including the royal family, Rothschilds, Rockefellers and more,’ the hacker added, referring to the wealthy European and American families, respectively.
It follows prior leaks targeting 23andMe customers of Jewish and Chinese descent, and the company told DailyMail.com that it was aware of the hacker’s latest post and is reviewing the data to determine whether it is legitimate. A spokesperson for Buckingham Palace did not immediately respond to a request for comment.
A hacker has released millions of additional genetic profiles stolen from DNA testing firm 23andMe, claiming that the leaked dataset includes members of the British royal family
At least some of the newly leaked stolen data matches known and public 23andMe user and genetic information, according to TechCrunch, supporting the authenticity of the leak.
Golem on Wednesday posted another nearly 140,000 stolen genetic profiles from 23andMe users with German ancestry, again citing hostility towards Israel in the midst of that country’s recent war with Hamas.
The hacker accused German Chancellor Olaf Scholz of ‘serving Zionism’ and said the release consisted of one-third of the total profiles with German origin in the stolen database, threatening to release more if Germany maintains its support for Israel.
Cybersecurity experts had more questions than answers about the apparent breach.
‘Little is known about this hack. Who was responsible? Was their motivation financial or political? Was 23andMe specifically targeted? How did the hacker obtain the data?’ Brett Callow, a threat analyst with cybersecurity firm Emsisoft, told DailyMail.com.
‘We don’t yet have conclusive answers to any of the questions. One thing that is obvious, however, is that giving your DNA to a third-party is not without risk,’ he added.
The latest tranche of leaks follows offers from the hacker to sell stolen DNA profiles, and a prior leak of millions of profiles of people with Jewish and Chinese ancestry.
‘These breaches are getting more brazen and more worrisome,’ Dimitri Sirota, the CEO of data security firm BigID, told DailyMail.com.
‘They are targeting contextual identifiers like membership in an ethnic group. This could be used for targeted campaigns by ethnicity, race, gender, political affiliation or membership in another group,’ he added, saying it raised concerns about cyber breaches turning into ‘hate crimes’.
The Royal Family is seen in a file photo. A hacker claims to have published DNA from four million people with British ancestry, including members of the Royal Family
23andMe is a leader in the $3 billion genetic testing market. For prices up to $200, customers can take a test which reveals their ethnic background
23andMe has said it did not detect any system-wide breaches, and claimed the data may have been stolen from individual users who re-used passwords that had been breached on other sites.
If that is the case, the hackers may have only breached a limited number of accounts, but scraped millions of profiles using the ‘DNA Relatives’ feature that 23andMe users can opt into to find information about family members.
Golem, the hacker posting the stolen data, appears to have initially offered the profiles for sale, and wrote on Wednesday: ‘I would like to remind you that even the data I’m sharing here is extremely valuable.’
But the hacker in the recent leaks sounded more politically motivated, lashing out at Israel and citing a recent explosion at a hospital in Gaza that killed hundreds as motive for releasing the new genetic profiles.
Palestinians blame Israel for the blast, while Israel says the hospital was struck by a misfired rocket launched by militants within Gaza.
‘I’m not a Muslim, but I’m holding myself back with difficulty from uploading hundreds of [terabytes] of data to torrents due to the despicable Israel attacking the hospital,’ wrote Golem.
23andMe said in a statement on Wednesday: ‘We recently learned that certain profile information – which a customer creates and chooses to share with their genetic relatives in the DNA Relatives feature – was accessed from individual 23andMe.com accounts without their authorization.
‘We immediately started an investigation and do not have any indication at this time that there has been a data security incident within our systems, or that 23andMe was the source of the account credentials used in these attacks.
Golem, the hacker posting the stolen data, appears to have initially offered the profiles for sale
‘Our investigation indicates the threat actor was able to access certain customer accounts in instances where users recycled login credentials – that is, usernames and passwords that were used on 23andMe.com were the same as those used on other websites that have been previously hacked.
‘We have since notified customers and taken additional security measures, including requiring all accounts to go through a password reset and advising customers to enable multi-factor authentication. We are working with outside forensic experts as part of our ongoing investigation, as well as with federal law enforcement.
‘Today we were made aware that the threat actor involved in this investigation posted what they claim to be additional customer DNA Relative profile information. We are currently reviewing the data to determine if it is legitimate.
‘Our investigation is ongoing and if we learn that a customer’s data has been accessed without their authorization, we will notify them directly with more information.’
23andMe is a leader in the $3 billion genetic testing market. For prices up to $200, customers can take a test which reveals their background and can also identify gene variants linked to diseases like Alzheimer’s and Parkinson’s.
Source link