There’s more info coming out about the 23andMe hack and it’s not good.
This week, a hacker with the moniker “Golem” published a new dataset purportedly containing the records of four million users of 23andMe. TechCrunch reported that some of the newly published dates align with publicly available 23andMe data on user information and genetic details. In other words, early indications suggest that this hack and leak are real. However, in a statement to TechCrunch, 23andMe told the outlet that it was “reviewing the data to determine if it is legitimate.”
This is just the latest update in a rather wide-ranging story involving 23andMe’s breach. Earlier this month, it surfaced that the hacker stole data and put it up for sale. It also appeared to be a targeted attack on Ashkenazi Jews, Wired reported at the time. The most recent leaked data apparently targeted “the wealthiest people living in the U.S. and Western Europe.”
The whole incident is concerning, especially since 23andMe stores such personal information. The company claimed the data was stolen via credential stuffing, which involves testing already-leaked username and password combinations. So if you are a 23andMe user, now is a good time to change your password.