Millions more 23andMe records leaked online

Two weeks after the first leak, the same hacker posts another 23andMe database

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Another database belonging to genetic testing website 23andMe has allegedly been published on a dark net forum, just days after an initial leak was revealed.

An individual going by the alias Golem published a database on BreachForums containing sensitive information on four million users.

SubsequentTechCrunchinvestigations confirmed that at least some of the data published matched known and public information. Roughly two weeks ago, Golem announcedstealing sensitive user data from 23andMe, claiming to have done so by means of credential stuffing.

August leak?

In credential stuffing, a hacker would take a list of previously stolen usernames and passwords, and with the help of automation, “stuff” the service with login attempts until one of them sticks. Further details were unavailable at the time.

The database Golem posted most recently contains records on four million users, reports said. The hacker said the data includes information on British individuals, including some of the “wealthiest people living in the U.S. and Western Europe.” A company spokesperson toldTechCrunchthat the company is aware of the news and is currently “reviewing the data to determine if it is legitimate.”

TechCrunchalso speculates that this is possibly a follow-up to a leak that happened in early August this year. Back then, a user on a forum called Hydra posted a 23andMe user database, and claimed to have 300 terabytes of user data. The publication says that this sample matches, at least to some extent, to the data posted two weeks ago.

To try and minimize the damage, 23andMe asked users to update their passwords and turn on multi-factor authentication (MFA), before saying the leak happened because of its users’ poor password hygiene.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

23andMe is a company that offers genetic testing services to consumers. A person would provide a saliva sample to the firm and would get information on their ancestry, as well as genetic predispositions to different diseases, conditions, and similar.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics