/cloudfront-us-east-2.images.arcpublishing.com/reuters/FY5ZHW6Q6RL6XBFOSNO2UX4QGQ.jpg)
Attendees visit the 23andMe booth at the RootsTech annual genealogical event in Salt Lake City, Utah, U.S., on February 28, 2019.
A hacker is currently advertising millions of “pieces of data” stolen from the family genetics website 23andMe, as per posts made on an online forum where digital thieves often promote leaked data.
In response to these claims, 23andMe (ME.O) released a statement on Friday acknowledging that an unspecified amount of “customer profile information” had been compiled “through access to individual 23andMe.com accounts.” However, the company emphasized that it had not experienced a direct breach of its own systems.
“We do not have any indication at this time that there has been a data security incident within our systems,” the statement clarified.
The statement further pointed out that the hacker might have gathered passwords stolen from other sites and attempted to exploit 23andMe accounts using them. This technique, known as credential stuffing, underscores why cybersecurity experts strongly advise against using the same password across different platforms.
To bolster security, experts recommend implementing a second layer of password protection, known as two-factor authentication, which can thwart these types of hacks.
At present, Reuters has been unable to locate a means of contacting the hacker. One of the hacker’s posts has been removed from the forum. The exact scale of the breach remains unclear, as the hacker provided contradictory information regarding the stolen data and its extent.
