Ancestry and genetic test kit company 23andMe was the victim of a cyber attack last week. Hackers claim to have stolen the data of millions of users and put it up for sale on the dark web, multiple outlets have reported.
One such seller advertised the stolen data on BreachForums, writing that the listing contains the email addresses and “DNA profiles of millions, ranging from the world’s top business magnates to dynasties often whispered about in conspiracy theories,” per Business Insider.
23andMe confirmed the attack on Friday, stating that the company began its investigation “immediately” after learning of the suspicious activity. The company added that it believes the compromised data was accessed because users reused login credentials — “that is, usernames and passwords that were used on 23andMe.com were the same as those used on other websites that have been previously hacked,” it wrote.
The company said the compromised information was not garnered through an internal hack of 23andMe’s systems but rather through the attackers obtaining the data by successfully guessing login credentials for a group of users and then subsequently extracting more information from a feature known as DNA Relatives — an opt-in feature for 23andMe users to share information to find and connect with genetic relatives.
Although the validity of the leaked data has not been confirmed, some dark web postings claim to have the information of “celebrities” and well-known business leaders such as Mark Zuckerberg, Elon Musk and Sergey Brin, WIRED reported. However, WIRED noted that in the data set claiming to include information about Musk and Brin, the two tech magnates appeared to have the same profile and account IDs.