Here’s more news on 23 and me that may not have been known before

In October, I blogged two blog posts about potential issues over at 23andme. (one word, not two)

23andMe has always said that this breach was not of their systems, and this article from Cybernews confirms that. But now it says that specific things were taken that we may not have known about already.

One of the paragraphs says:

According to a breach notification letter 23andMe sent to impacted individuals, the attack took place for five months, from late April 2023 through September 2023. The company said that attackers could access user accounts due to reused passwords.

Five months? Lots of things can go wrong in five months! My question is how can you not know someone is in your network for five months lounging around looking for crap? If you had a honeypot, you’d have known a lot sooner. Maybe you need to listen to the Twit Network as they advertise a product that can assist you. I, unfortunately, can’t remember its name. I know it’s expensive at $7500 a pop I believe, but from what the ads I’ve heard say, they’ll alert you at the right time.

Next,

“The threat actor was able to gain access to your account because the username and password that you used on 23andMe.com were the same as those that you used on other websites that were previously compromised or otherwise available,” the company said.

So even if someone were to log in to an account through this method, IP address tracking would tell the company something was wrong. Facebook and other services will alert you if, say, someone logs in to an account from a different location than the one they have consistently seen logins from.

This has happened to Michael, who used to live in Indiana but lives now in Arkansas. He traveled to a different state, logged in to Gmail as usual, and couldn’t figure out why it didn’t work until he logged in using the web and that’s when it told him. He hates Google for that, but I say that it would have prevented this type of breach from occurring. Don’t you readers think? Sound off in the comments. There are no wrong answers.
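To show what the two checks discussed above look like in practice, here is an added example (not from the Cybernews article or from 23andMe) that runs over a handful of constructed login log lines. It flags a successful login from a country an account has never used before, and a single source IP that tries many different accounts, which is the pattern reused-password attacks leave behind. The log format, the sample accounts and the "known countries" table are all assumptions made up for the example.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample login log (not real data): timestamp, user, source IP, country, result
SAMPLE_LOG = """\
2023-05-02T08:01:10Z alice 203.0.113.7 US success
2023-05-02T08:03:42Z bob 203.0.113.7 US success
2023-05-02T08:05:19Z carol 203.0.113.7 US failure
2023-05-02T08:05:55Z dave 203.0.113.7 US success
2023-05-02T08:06:30Z erin 203.0.113.7 US success
2023-05-03T21:14:02Z alice 198.51.100.23 RO success
2023-05-04T09:30:00Z bob 192.0.2.44 US success
"""

# Assumed per-account history of countries seen on earlier successful logins
KNOWN_COUNTRIES = {"alice": {"US"}, "bob": {"US"}, "carol": {"US"}, "dave": {"US"}, "erin": {"US"}}


@dataclass(frozen=True)
class Event:
    ts: str
    user: str
    ip: str
    country: str
    result: str


def parse_log(text):
    """Turn the whitespace-separated log lines into Event records, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        events.append(Event(*parts))
    return events


def new_location_logins(events, known):
    """Successful logins from a country never seen before for that account (the alert Google sent Michael)."""
    return [e for e in events if e.result == "success" and e.country not in known.get(e.user, set())]


def stuffing_sources(events, threshold=3):
    """Source IPs that attempted logins to at least `threshold` distinct accounts: a reused-password attack signature."""
    users_by_ip = defaultdict(set)
    for e in events:
        users_by_ip[e.ip].add(e.user)
    return {ip: sorted(users) for ip, users in users_by_ip.items() if len(users) >= threshold}
```

Both checks need only fields a web service already logs, so they can run on historical data to answer the five-months question as well as on live traffic.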

Here is where it gets good.

23andMe’s investigation revealed that attackers accessed users’ “uninterrupted raw genotype data” and other sensitive data such as health reports, health-predisposition reports, wellness reports, and carrier status reports.

In October last year, a threat actor Golem claimed to have obtained data from seven million 23andMe users, sharing samples of data on the cybercrime marketplace BreachForums, which contained entries for name, sex, age, location, ancestry markers such as lineage, yDNA, and mtDNA haplogroups (traces paternal and maternal ancestry), and others.

The first leak allegedly included one million Jewish Ashkenazi descent “celebrities,” and another contained more than four million people, most of whom are allegedly from the United Kingdom. The original posts on the forum have since been deleted. However, other forum members repost the data repeatedly.

Finally, we know that 23andMe started requiring two-factor authentication after the incident. Has this actually helped?

To read the full article from Cybernews, please read 23andMe confirms attackers stole raw genotype data which was updated today.

Have fun with this one!
