
A hacker has leaked an additional 4.1 million stolen 23andMe genetic data profiles for people in Great Britain and Germany on a hacking forum.

Earlier this month, a threat actor leaked the stolen data of 1 million Ashkenazi Jews who used 23andMe services to find their ancestry info and genetic predispositions.

23andMe told BleepingComputer that this data was obtained through credential stuffing attacks on accounts using weak passwords or credentials exposed in other data breaches. However, the company says there is no evidence of a security incident on their IT systems.

Initial 23andMe data leak from earlier this month
Source: BleepingComputer

The company says that only a limited number of accounts were breached, but those accounts had opted into the 'DNA Relatives' feature, allowing the threat actor to scrape millions of individuals' data.

Another 4.1 million data packs leaked

Yesterday, a threat actor named 'Golem,' who is allegedly behind the 23andMe attacks, leaked an additional 4.1 million data profiles of people in Great Britain and Germany on the BreachForums hacking forum.

This additional leak includes 4,011,607 lines of 23andMe data for people living in Great Britain.

The threat actors claim that the stolen data includes genetic information on the royal family, the Rothschilds, and the Rockefellers. BleepingComputer has not been able to confirm if these statements are accurate.

"You can see the wealthiest people living in the US and Western Europe on this list," the hackers say in the forum post.

Today, the same hacker released an additional CSV file containing the 23andMe data of 139,172 people living in Germany.

As reported by TechCrunch, some of the newly leaked data from Great Britain has been verified as matching known and public user and genetic information.

TechCrunch also reports that some of the leaked 23andMe data was being sold in August 2023 on the now-shutdown Hydra hacking forum, where the threat actor claimed to have stolen 300 terabytes of data.

The threat actor on BreachForums also claims to have "hundreds of TBs of data" in their possession, likely indicating that this is the same stolen data.

In a new statement to BleepingComputer, 23andMe says they are aware of the new leak of data and are investigating.

"Today we were made aware that the threat actor involved in this investigation posted what they claim to be additional customer DNA Relative profile information," 23andMe told BleepingComputer.

"We are currently reviewing the data to determine if it is legitimate. Our investigation is ongoing and if we learn that a customer’s data has been accessed without their authorization, we will notify them directly with more information."

With the amount of allegedly stolen information, we will likely continue to see further data leaks as the threat actor attempts to drum up enough interest to get a buyer.

While 23andMe says that only a small number of customer accounts were breached, the DNA Relatives feature turned this into a significantly larger data leak.

These leaks have already led to a myriad of lawsuits against 23andMe that claim there is a lack of information about the breach and that the company did not adequately protect customers' data.

Update 10/19/23: Added 23andMe statement.
