Oops, Your Ancestors Have Been Hacked! A Closer Look at the 23andMe Data Breach | Vorlon Blog: Bite sized breaches

Written by Lauren Lee | Nov 3, 2023 7:00:00 AM

Introduction

Hey everyone, let’s chat about something that’s a bit more serious than finding out you’re 2% Neanderthal – the recent 23andMe breach. It’s like one of those family reunions where a long-lost cousin shows up uninvited, except this time, it’s a bunch of hackers, and they didn't come for the potato salad.

The “How Did That Just Happen?” Part

So, here’s the scoop on how our genetic gatecrashers got in. It wasn’t a fancy Ocean’s Eleven heist on 23andMe’s vault; it was a credential stuffing attack. Picture a bunch of bad guys trying keys (aka passwords) in a lock until – voilà – they find one that turns!

The trick behind credential stuffing is a bet that you’ve used the same password for your 23andMe account as you did for, say, your old college email. The attackers take logins that were exposed somewhere else and try them here. And it turns out, some folks actually had reused theirs. To top it off, these digital delinquents cranked up the efficiency by letting bots do the legwork, hammering away at account after account with their sneaky password playbook.

Moral of the story? Using your favorite password for everything might be easy to remember, but it's like handing out spare keys to your online life to anyone who’s asking. Not the best move for keeping your accounts secure.
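Here’s what that bot traffic looks like from the defender’s side of the login page, as an added example (not code from 23andMe or from this post). The log format, the thresholds and the names `classify_sources` and `to_reset` are assumptions, and the sample log lines are constructed.

```python
from collections import defaultdict

# Constructed sample login events; the "ts ip= user= result=" format is an assumption.
SAMPLE_LOG = (
    [f"2023-10-01T10:00:{i:02d}Z ip=203.0.113.7 user=user{i}@example.com "
     f"result={'ok' if i == 4 else 'fail'}" for i in range(12)]
    + [f"2023-10-01T10:05:{i:02d}Z ip=198.51.100.9 user=carol@example.com result=fail"
       for i in range(12)]
    + ["2023-10-01T10:09:00Z ip=192.0.2.44 user=dave@example.com result=fail",
       "2023-10-01T10:09:20Z ip=192.0.2.44 user=dave@example.com result=ok"]
)

def parse(line):
    """Split 'timestamp key=value ...' into (ip, user, succeeded)."""
    _ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    return rec["ip"], rec["user"], rec["result"] == "ok"

def classify_sources(lines, min_attempts=10, stuffing_ratio=0.8):
    """Label each source IP by the shape of its login attempts.

    stuffing:    many distinct accounts, about one try each (reused passwords)
    brute_force: many tries against the same few accounts
    Bots often rotate source IPs, so per-IP grouping is a simplification;
    the thresholds are illustrative assumptions, not tuned values.
    """
    attempts, users, hits = defaultdict(int), defaultdict(set), defaultdict(set)
    for line in lines:
        ip, user, ok = parse(line)
        attempts[ip] += 1
        users[ip].add(user)
        if ok:
            hits[ip].add(user)
    report = {}
    for ip, n in attempts.items():
        if n < min_attempts:
            label = "normal"
        elif len(users[ip]) / n >= stuffing_ratio:
            label = "stuffing"
        else:
            label = "brute_force"
        # Accounts a flagged source logged into successfully need a forced reset.
        to_reset = sorted(hits[ip]) if label != "normal" else []
        report[ip] = {"label": label, "attempts": n,
                      "accounts": len(users[ip]), "to_reset": to_reset}
    return report

if __name__ == "__main__":
    for ip, info in classify_sources(SAMPLE_LOG).items():
        print(ip, info)
```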


Who Got Hit and What Did They Take?

Imagine if someone could take a peek at your family's photo album – except it's your DNA album. That’s pretty much what happened. The breach might have let loose stuff like your name, birthday, location, and the DNA results that tell you whether you’re more pasta or paella.

A 23andMe spokesperson gave us some more details on the widespread effects of the breach. Picture this: It all began when some digital party crashers slipped into a couple of 23andMe accounts – just a few at first. But whoops, it turns out they hit the data jackpot thanks to a feature called 'DNA Relatives.' You know, that cool tool that's supposed to help you find your long-lost cousins? Well, it kinda turned into a VIP pass for the hackers to grab more info than we bargained for. The 23andMe folks are saying the number of individuals with their details out in the wild is a bit of a head-scratcher – they're still trying to pin down just how many profiles got gatecrashed.

Now What? Remediation Steps

After the digital dust-up at 23andMe, they've been all hands on deck to patch things up. If your account got a bit too much attention from the wrong crowd, you'll be setting up a shiny new password. It's like getting a new key for a lock that's had one too many uninvited guests. They're also on high alert now, keeping an eye out for any more shenanigans.

Plus, they're nudging everyone to not just make their passwords tough to crack but also to buddy up with two-factor authentication—it's like having a really nosy neighbor who double-checks anyone coming to your door. So if you're in the 23andMe circle, it's time to armor up your account.

23andMe, You’ve Been Served!

And now for the courtroom drama. 23andMe is facing some lawsuits because some people feel they didn't keep the family jewels (aka our genetic info) under lock and key. The suits claim that the company could’ve done more to protect that super personal data. So, some legal eagles are now circling over this one.

So, you know that 'DNA Relatives' feature on 23andMe that we mentioned earlier? The one where you opt in to play ancestral connect-the-dots? Turns out, even though folks signed up for it willingly, they're not too thrilled. They figured that just because they shared their info, it didn’t mean the company could skimp on safeguarding their data.

And get this – some members who did everything right, like using super strong passwords and setting up two-factor authentication (2FA), still got caught in the net. Despite playing defense, their personal info ended up on the wrong side of the internet, like old family photos popping up in a cybercrime flea market. Yikes!

To Wrap It Up

There you have it – a not-so-fun chapter in the story of personal genetics. The 23andMe breach is a reminder for all of us to be a bit more guarded about our online secrets. As for the companies we trust with our innermost info? It’s a wake-up call that safeguarding our digital selves is super important. Stay safe out there, and let’s keep our genetic history in the family, okay?