23andMe agrees to $18 million settlement over data breach
Overview
23andMe has agreed to pay $18 million in a settlement following a data breach that affected approximately 6.9 million customers. This breach occurred between April and September 2023, and was caused by credential-stuffing attacks, where attackers used stolen usernames and passwords to access accounts. The compromised data included sensitive genetic ancestry information, raising significant privacy concerns for users. This incident underscores the risks associated with storing personal genetic data online, as it can be exploited for various malicious purposes. Customers affected by the breach may need to monitor their accounts closely and consider additional security measures to protect their personal information.
Key Takeaways
- Affected Systems: 23andMe customer accounts containing genetic ancestry data
- Action Required: Users should change their passwords and enable two-factor authentication to enhance account security.
- Timeline: Ongoing since April 2023
Original Article Summary
The breach, which occurred between April and September 2023, was the result of credential-stuffing attacks that compromised the data of 6.9 million customers, including sensitive genetic ancestry information.
Impact
23andMe customer accounts containing genetic ancestry data
Exploitation Status
No active exploitation has been reported at this time. However, organizations should still apply patches promptly as proof-of-concept code may exist.
Timeline
Ongoing since April 2023
Remediation
Users should change their passwords and enable two-factor authentication to enhance account security.
Additional Information
This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.
Related Topics: This incident relates to Data Breach.