One of the leading direct-to-consumer genetic testing services, 23andMe, probes a possible leak of user data, Cybernews reports.
A threat actor on the cybercrime marketplace, BreachForums, claims to have obtained data from seven million 23andMe users.
The Cybernews research team observed a sample of data shared online, compiled from individuals in one minority group, allegedly from users of 23andMe. The data contained entries for name, sex, age, location, ancestry markers, such as lineage, yDNA, and mtDNA haplogroups (traces of paternal and maternal ancestry), and others. However, Cybernews could not verify the authenticity of the data.
"It's impossible to verify the authenticity of the sample data. If true, this would be significant as it would mean a breach of confidentiality. And if data actually contains DNA data, that would be something you are and would also be significant," Mantas Sasnauskas, the Head of Security Research at Cybernews, noted.
The ongoing investigation has not indicated any data security incident within 23andMe systems, the company says.
“Our investigation indicates that only profile information shared through DNA Relatives has been posted. This does not include information about phenotypes, or health information which is not part of the profile information shared via DNA Relatives,” 23andMe spokesperson told Healthnews.
The company encouraged its customers to keep their accounts secure by creating a strong password that is not easy to guess and unique to the 23andMe account and enabling multi-factor authentication (MFA).
The San Francisco-based personal genomics and biotechnology company 23andMe provides a direct-to-consumer DNA testing service in which customers send a saliva sample.