A hacker who willingly refers to himself by the screen name, Golem, has released the genetic data profiles of 4.1 million users of the ancestry tracking website, 23andMe.
The same hacker had previously leaked the information of over 1 million Ashkenazi Jews who used the website. Earlier this month it was confirmed that the data Golem posted was legitimate.
In the previous attack, the hackers were able to gain access to 23andMe data through credential stuffing, a brute force means of entry where hackers use passwords obtained through data breaches on other companies. If even one username and password match, the hacker can log in and give themselves administrative access.
This stolen information can be used for a variety of criminal activities, including selling to third parties or launching further cyber attacks. Some individuals may also face unfair discrimination if family connections were to be leaked.
23andMe brought in third-party experts to help them determine if the stolen data is legitimate. While it seems very likely that the stolen data is legitimate, there are no official statements yet.
While the exact methods used to hack into the website are unknown, it’s speculated that the new feature, DNA Relatives, may have been what hackers found vulnerabilities in.
The hacker’s forum post indicates a political motivation, on top of any potential profit they could make.
“The data includes information on all wealthy families serving Zionism,” the hacker said in a post. “You can see the wealthiest people living in the US and Western Europe on this list.”
The information the hacker revealed includes profile photos, date of birth, sex, full name, geographical location, genetic ancestry information, and more.
“There are samples from hundreds of families, including the Royal family, Rothschilds, Rockefellers, and more,” the hacker said.
In response, 23andMe has required every user to reset their password and enable multi-factor authentication for better security. Make strong and unique passwords for every website.