Biotechnology company, 23andMe, confirmed to Bleeping Computer that the company's private user data has been circulating on hacker forums after suffering a credential-stuffing attack.
Read Also: SpaceX Gets US Space Force Contract for Starshield
23andMe Investigates After User Data Seen on Hacker Forums
23andMe confirmed the attack after an unknown entity was seen selling the private information of millions of its users that were scraped off its website. As posted on the hacker forum, it claimed that the stolen data included origin estimation, phenotype, health information, photos, and identification data.
Aside from the contents of the private information on sale, the post also claimed that 23andMe's CEO was aware of the hacking incident and had never announced that such a thing happened, until now. The attack was reportedly done two months ago already.
The company has already issued a statement stating that the company has already begun an investigation. On the other hand, the company remained firm that they "do not have any indication at this time that there has been a data security incident within our system or that 23andMe was the source of the account credentials used in these attacks."
23andMe Assures Customers on Platform Safety and Security
While investigating, 23andMe suggested that the hackers could have used usernames and passwords from users who recycle their login credentials to other websites that have previously been hacked.
"When we receive information through those processes or from other sources claiming customer data has been accessed by unauthorized individuals, we immediately investigate to validate whether this information is accurate," the company wrote in a blog post.
Meanwhile, the company is encouraging its customers to take individual precautionary actions to their accounts by changing their passwords to strong ones. In addition, they were also advised to enable multi-factor authentication on their accounts.
Related Article: Artificial Womb Research May Soon Be Cleared for Human Trials
