23andMe private user data is up for sale in the Dark Web


Regular Member
Reaction score
Ethnic group
Y-DNA haplogroup
I2-M223 / I-FTB15368
mtDNA haplogroup
The 23andMe accounts of millions of peoples were compromised, according to claims on Dark Web forums. 23andMe claims that their database was not hacked per se, but that they accessed a large amount of internal information through an apparently basic technique of credential stuffing. In other words, they entered the database with the name and password obtained in other cyber attacks.
Millions of users whose login details were similar to those of other services were hacked. Among the data obtained are names, photographs, geolocation and information about "DNA Relatives", an optional service offered by the company to discover which other people you have some type of genetic connection with. The initial leak indicates that a database with "1 million lines of data on Ashkenazi individuals" - one of the main Jewish ethnic groups - was put up for sale. In addition, a database with information on 300,000 users of Chinese origin was put up for sale.


That's not really a hack on 23andMe, because they used user logins to gain access to the data this user could see. The logins came from other real hacks or were acquired in another way unrelated to 23andMe.
Basically most of the data, if I understood it correctly, is half-public anyway.
They say that the “information obtained may have included users’ display name, profile photo, profile sex, birth year, location, predicted relationships to their match, the percent DNA match and number of shared genetic segments and portions of their genetic ancestry results, including haplogroups, which provide information about ancestry”.
This information is private data and the 23andMe users can only see it because of their genetic relationship with other users through the DNA Relatives tool.
Without a 23andMe user profile, a genetic relationship and an opt-in choice to discover their relatives there is no access to this information.​
It's hard to imagine what it's like to find out that your personal information has been compromised. Unfortunately, this is becoming an increasingly common problem as hackers become more sophisticated.

The 23andMe data breach is another alarming example of how important it is to keep your computer and online accounts secure.

One of the most effective security measures you can take is to use a hardware token for two-factor authentication (2FA). A hardware token is a small device that generates one-time passwords (OTPs) that you must enter in addition to your standard password when logging in. This makes it much more difficult to hack your accounts, even if hackers know your password.

I personally use hardware token Protectimus for 2FA on all my important accounts. Protectimus is a very secure and popular token that supports many different 2FA protocols.

In addition to using a hardware token for 2FA, you can also take the following steps to protect your online accounts:

Use strong and unique passwords for each account.
Don't use the same password for all your accounts.
Avoid using generic passwords such as "123456", "password" or "qwerty".
Change passwords regularly for all your accounts.
Be careful when opening suspicious links and attachments in emails.
Use reliable antivirus and antispyware software.
Keep your PC up to date with the latest software and driver updates.
Be careful when using public computers.

By following these tips, you can significantly reduce your risk of becoming a victim of cybercriminals.

This thread has been viewed 1457 times.