Millions of 23andMe Users’ Genetic Data Profiles Leaked on Cybercrime Forum

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer

Earlier this month, US biotechnology and genetic testing company 23andMe released a statement confirming the sale of its users’ data on a hacking forum.

Since then, the company has seen millions of its users’ data being leaked on BreachForums by a hacker going by the name of Golem. First, on October 2, the hacker released samples of data allegedly stolen from the company, followed by a posting advertising the sale of bulk data. The 1 million lines of data were said to belong to Ashkenazi Jews from around the world.

Later this week, the same threat actor released another set of data (4+ million) claimed to belong to the wealthiest people in the US and Western Europe. According to their claims, the data includes sensitive information about the British Royal family, the Rothschilds, Rockefellers, and more.

Upon learning about the incident, the genetic testing firm launched an investigation with third-party forensic experts and believes that the breach was the result of a credential stuffing attack. It confirmed, however, that there was no evidence suggesting that its internal network was compromised.

“While we are continuing to investigate this matter, we believe threat actors were able to access certain accounts in instances where users recycled login credentials – that is, usernames and passwords that were used on 23andMe.com were the same as those used on other websites that have been previously hacked,” the statement read.

As a result, it is also advising users to activate multi-factor authentication and reset their passwords, rather than using recycled ones.

23andMe believes that only a small number of user accounts were breached; however, the activation of the DNA Relatives feature by a few users will affect millions of its customers. The effects are already being felt by the organization, as it tries to make its way through the myriad lawsuits filed against it.

D-Link Confirms Data Breach but Denies Claims of 3 Million Stolen Data

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer

D-Link, the Taiwan-based networking equipment manufacturer, confirmed a data breach related to the publication and sale of its internal data on BreachForums earlier this month.

The incident came to light on October 1, when a member of the dark web forum claimed to have breached the company’s network to steal millions of users’ data and source code for the D-View network monitoring product.

The hacker claimed to have 1.2 Gb of employee and customer personal data, including names, email, addresses, company, phone numbers, registration date, and date of last login. The claims also included information on Taiwanese government officials and CEOs. All this data was on sale for $500.

Following the claims, D-Link, in partnership with Trend Micro, launched an investigation and identified many discrepancies in the claim. “The data was confirmed not from the cloud but likely originated from an old D-View 6 system, which reached its end of life as early as 2015[..] So far, no evidence suggests the archaic data contained any user IDs or financial information,” revealed D-Link.

According to the company, the hacker’s claims were exaggerated and misleading, as its investigation showed that only 700 user records were compromised and none were of active users. Moreover, it is believed that the hacker manipulated the login timestamps of the stolen data to make it look like a recent theft.

The breach is said to have occurred because an employee unintentionally fell prey to a phishing attack, thereby granting access to the outdated data.

In response to this attack, the company immediately implemented several remediation measures to prevent the occurrence of similar incidents in the future. It also revealed that the hacked product was an older version of the current D-View 8 offering, and active customers were unlikely to be affected by this incident.

Nevertheless, D-Link advised its users to change passwords and remain cautious about suspicious calls, messages, and emails.