A group of hackers has put sensitive customer data up for sale on the dark web 23andMe, a famous American company that offers genetic tests. Among the stolen information were the names, photos, birth dates and ethnicities of millions of 23andMe users, including Mark Zuckerberg e Elon Musk. Sensitive data that could be used for illicit or fraudulent purposes.
The source of this data leak would have been a technique called credential stuffingwhich consists of reusing login credentials obtained from other online platforms.
Specifically, cybercriminals would have exploited the function DNA Relatives by 23andMe, which allows users to see the profiles of other people with whom they have a common ancestor. In this way, they could have accessed a large amount of personal and sensitive data, although it is not clear how they obtained the users’ credentials.
Also on sale are the sensitive data of Mark Zuckerberg, Sergey Brin and Elon Musk
The news was reported by Business Insider, who discovered an announcement on the BreachForums site. Here an anonymous user was offering the genetic data of millions of people for sale. Among these also those of famous people such as Mark Zuckerberg, Sergey Brin e Elon Musk.
However, the veracity of this information has not yet been confirmed by 23andMe. The company has indeed stated that it had no evidence of a breach of its servers. Furthermore, some of Brin and Musk’s data appear to be identical, which suggests that it is a fake to draw attention.