The problem with centrally controlled personal data.
In recent years, a growing number of people have been handing their DNA over to tech companies for the apparent benefits of finding out information about their ancestry and more about their health. However, as with digital IDs, when such entities get access to your most intimate data, it becomes the target of hackers and cyberattacks.
A considerable number of user ancestry files were exposed during a recent cyberattack on genetic testing giant, 23andMe. As per an official filing released on Friday, cybercriminals infiltrated around 14,000 user accounts – a figure that equates to approximately 0.1% of the company’s global customer base of over 14 million.
The hackers leveraged a common cyberattack technique known as “credential stuffing.” This involved exploiting leaked account passwords to gain unauthorized access. However, the attack didn’t end with the initial victims. 23andMe incorporates a feature whereby users can opt to share selected information with other users. Consequently, the breach also extended to individuals linked through this feature.