What 23andMe, the hacked company that owns the DNA of millions of people, does
Led by the ex-wife of one of Google's co-founders, genetic testing company 23andMe was hacked and the DNA profiles of millions of people ended up for sale on the dark web. The accounts of Ashkenazi Jews, as well as famous people, appear to have been targeted in particular. Facts, names, numbers and comments
A couple of weeks ago the alarm was raised following the theft of millions of genetic data in the possession of the US company 23andMe. Now, the same hacker, who put them up for sale on the dark web, has reportedly published the sensitive information of another 4 million users.
After the first theft, made known on October 6 (i.e. the day before the Hamas attack on Israel), there was talk of a targeted attack on Ashkenazi Jews, while now on the richest people living in the United States and Europe western. Among them would be, according to what is circulating on the dark web , "DNA profiles of millions of people, ranging from the most important magnates of the world economy to the dynasties that are often whispered about in conspiracy theories", as well as Elon Musk and Mark Zuckerberg.
WHAT IT DOES AND WHO IS BEHIND 23ANDME
23andMe is a California-based , NASDAQ-listed genomics and biotechnology company. Provides DNA testing for hereditary traits, genealogy, and possible congenital risk factors. Leading it since its foundation in 2006 is Anne Wojcicki, sister of former YouTube CEO Susan Wojcicki and ex-wife of Sergey Brin, co-founder of Google. 23andMe's saliva-based genetic collection and analysis business was named Time 's Invention of the Year in 2008 .
But after the successes, in 2013, the Food and Drug Administration (FDA) stopped it because the company did not have regulatory approval to provide information on the health risks to its customers. However, as Nature notes, Wojcicki is certainly not the type to be knocked down – evidenced by a nametag hidden behind a toy unicorn in his office that reads: “I'm the CEO, bitch.” And in fact, after years of work, in 2017, it obtained permission from the FDA to indicate to consumers the risk of developing 10 medical conditions, including Parkinson's disease and late-onset Alzheimer's disease.
At the time, investors estimated it was worth more than $1 billion—a veritable “unicorn,” to put it in Silicon Valley parlance. But for scientists its real value lies in the data it possesses.
THE THEFT OF DATA FROM 23ANDME
For certainly different reasons, the hacker responsible for the theft of genetic data, known as Golem, will also agree with scientists. Two weeks ago, in fact, it started selling them on the dark web for a price between 1 and 10 dollars per account, depending on the size of the purchase.
The cyberattack appears to have been conducted, or at least started, several months ago , and data may have been stolen through credential stuffing , a practice of testing previously disclosed username and password combinations. The information, Golem said , contained first and last names, gender, date of birth, DNA profiles and more specific information about geographic ancestry.
The first theft, which occurred earlier this month, is believed to have affected 7 million accounts (half the total number of 23andMe users) and appeared to specifically target hundreds of thousands of users of Chinese origin and one million accounts of Ashkenazi Jews, i.e. originating from Central and Eastern Europe. In fact, a file called “Ashkenazi DNA Data of Celebrities.csv” was circulating in hacker forums.
The second theft, however, leaked yesterday would involve another 4.1 million genetic profiles relating to people in Great Britain and Germany, disclosed on the hacking forum BreachForums. According to the hackers, among them there is also information from members of the English royal family, the Rothschilds and the Rockefellers. BleepingComputer specifies , however, that it is unable to confirm the accuracy of these statements.
Meanwhile, 23andMe's security flaws have already resulted in a myriad of lawsuits against the company.
TARGETED TARGETS OR JUST ATTENTION SEARCH
As Wired states, it is not yet clear why the hackers wanted to isolate and draw attention to Ashkenazi Jews: “When data relating to ethnic, national, political or other groups is shared, sometimes it is because these groups they've been specifically targeted, but sometimes it's because the person sharing the data thinks they're making headlines to boost their reputation,” explained Brett Callow, threat analyst at security firm Emsisoft.
It remains, however, worrying at this particular moment in which the conflict between Israel and Hamas is ongoing and anti-Semitic demonstrations are increasing. As geneticist Giuseppe Novelli told Agi : “What happened to 23andMe is very serious. It represents violence against the person, because it exposes the individual's dearest, most secret information, that of their DNA, which contains socially and culturally relevant data."
THE IMPORTANCE OF DNA TO PREVENT DISEASES
Novelli then explained how useful a platform like that of 23andMe could be by making it safe from cyber attacks. In fact, the idea of knowing DNA opens up a world of disease prevention based on genetic information.
“For example – says the geneticist -, germline mutations BRCA1 and BRCA2 are known to have a disproportionate impact on Ashkenazi Jews, leading to an increased risk of breast, ovarian and prostate cancer. Knowing your genetic background, particularly whether you have Ashkenazi Jewish ancestry, can influence healthcare decision-making with clinical utility.”
“Ashkenazi Jews and French Canadians – concludes Novelli – can choose to engage in carrier screening for Tay-Sachs disease during their family planning or knowing one's African ancestry can stimulate family research for sickle cell anemia”.
This is a machine translation from Italian language of a post published on Start Magazine at the URL https://www.startmag.it/sanita/cosa-fa-23andme-lazienda-hackerata-che-possiede-il-dna-di-milioni-di-persone/ on Fri, 20 Oct 2023 10:32:37 +0000.