The GenArchivist Forum

Full Version: Hacker leaks millions more 23andMe user records on cybercrime forum
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2 3 4 5 6 7
I have a big part of leaked data from one of the cybersec forums. This includes text data consisting profile_id;account_id;first_name;last_name;sex;birth_year;has_health;current_location;region1;region2;region3;region4;region5;subregion1;subregion2;subregion3;subregion4;subregion5;ydna;mtdna

Less serious than it initially looked like, though I can stalk tested US Americans or check their trees using Ancestry and other such sites (that actually helps mapping Y-DNA results into the locations).
(03-07-2024, 11:47 AM)Artmar Wrote: [ -> ]I have a big part of leaked data from one of the cybersec forums. This includes text data consisting profile_id;account_id;first_name;last_name;sex;birth_year;has_health;current_location;region1;region2;region3;region4;region5;subregion1;subregion2;subregion3;subregion4;subregion5;ydna;mtdna

Less serious than it initially looked like, though I can stalk tested US Americans or check their trees using Ancestry and other such sites (that actually helps mapping Y-DNA results into the locations).

Some of the reports seemed to indicate that all shared matches (or whatever they are called on 23andme) were also extracted?
(03-08-2024, 07:01 PM)Rufus191 Wrote: [ -> ]
(03-07-2024, 11:47 AM)Artmar Wrote: [ -> ]I have a big part of leaked data from one of the cybersec forums. This includes text data consisting profile_id;account_id;first_name;last_name;sex;birth_year;has_health;current_location;region1;region2;region3;region4;region5;subregion1;subregion2;subregion3;subregion4;subregion5;ydna;mtdna

Less serious than it initially looked like, though I can stalk tested US Americans or check their trees using Ancestry and other such sites (that actually helps mapping Y-DNA results into the locations).

Some of the reports seemed to indicate that all shared matches (or whatever they are called on 23andme) were also extracted?

Maybe, but I don't have the whole allegedly leaked data (I should be among the leaked records) so I can't confirm that.
Is 23andme safe? Or not yet? Because I'm interested in buying some kits for my family.
(03-17-2024, 11:07 PM)Jalisciense Wrote: [ -> ]Is 23andme safe? Or not yet? Because I'm interested in buying some kits for my family.

I can't say for sure but they now require an authenticator which would make a hacker's ability to get into your account difficult. However, at least for me, I can't see most of the information related to my matches which renders the site rather useless. Maybe this will change in the future.
(03-17-2024, 11:07 PM)Jalisciense Wrote: [ -> ]Is 23andme safe? Or not yet? Because I'm interested in buying some kits for my family.

It is safer than it was before those incidents and there is nothing absolutely safe on the internet, unfortunately. There were worse hacks than 23andMe in the recent years and there will be even worse in the future, I'm afraid.
That's not just a 23andMe or DNA testing issue. It was just chance they got hit this time.
(03-17-2024, 11:34 PM)leonardo Wrote: [ -> ]
(03-17-2024, 11:07 PM)Jalisciense Wrote: [ -> ]Is 23andme safe? Or not yet? Because I'm interested in buying some kits for my family.

I can't say for sure but they now require an authenticator which would make a hacker's ability to get into your account difficult. However, at least for me, I can't see most of the information related to my matches which renders the site rather useless. Maybe this will change in the future.

So now the ethnicity estimate and health info are working but not the genealogical section?
(03-17-2024, 11:35 PM)Riverman Wrote: [ -> ]
(03-17-2024, 11:07 PM)Jalisciense Wrote: [ -> ]Is 23andme safe? Or not yet? Because I'm interested in buying some kits for my family.

It is safer than it was before those incidents and there is nothing absolutely safe on the internet, unfortunately. There were worse hacks than 23andMe in the recent years and there will be even worse in the future, I'm afraid.
That's not just a 23andMe or DNA testing issue. It was just chance they got hit this time.

Yeah; there are always risks, but at least I'm glad this has all calmed down.

So maybe is a good moment to buy some kits, but as I live in México, I hope I don't need a USA ID or something when I create the account.
(03-18-2024, 02:42 AM)Jalisciense Wrote: [ -> ]
(03-17-2024, 11:35 PM)Riverman Wrote: [ -> ]
(03-17-2024, 11:07 PM)Jalisciense Wrote: [ -> ]Is 23andme safe? Or not yet? Because I'm interested in buying some kits for my family.

It is safer than it was before those incidents and there is nothing absolutely safe on the internet, unfortunately. There were worse hacks than 23andMe in the recent years and there will be even worse in the future, I'm afraid.
That's not just a 23andMe or DNA testing issue. It was just chance they got hit this time.

Yeah; there are always risks, but at least I'm glad this has all calmed down.

So maybe is a good moment to buy some kits, but as I live in México, I hope I don't need a USA ID or something when I create the account.

https://customercare.23andme.com/hc/en-u...ou-Ship-To
(03-18-2024, 05:12 AM)Capsian20 Wrote: [ -> ]
(03-18-2024, 02:42 AM)Jalisciense Wrote: [ -> ]
(03-17-2024, 11:35 PM)Riverman Wrote: [ -> ]
(03-17-2024, 11:07 PM)Jalisciense Wrote: [ -> ]Is 23andme safe? Or not yet? Because I'm interested in buying some kits for my family.

It is safer than it was before those incidents and there is nothing absolutely safe on the internet, unfortunately. There were worse hacks than 23andMe in the recent years and there will be even worse in the future, I'm afraid.
That's not just a 23andMe or DNA testing issue. It was just chance they got hit this time.

Yeah; there are always risks, but at least I'm glad this has all calmed down.

So maybe is a good moment to buy some kits, but as I live in México, I hope I don't need a USA ID or something when I create the account.

https://customercare.23andme.com/hc/en-u...ou-Ship-To

Yeah bro, I know 23andMe don't ship to México, but I just found a guy who is selling 23andMe tests here and sending the samples to USA by himself.
(03-18-2024, 02:38 AM)Jalisciense Wrote: [ -> ]
(03-17-2024, 11:34 PM)leonardo Wrote: [ -> ]
(03-17-2024, 11:07 PM)Jalisciense Wrote: [ -> ]Is 23andme safe? Or not yet? Because I'm interested in buying some kits for my family.

I can't say for sure but they now require an authenticator which would make a hacker's ability to get into your account difficult. However, at least for me, I can't see most of the information related to my matches which renders the site rather useless. Maybe this will change in the future.

So now the ethnicity estimate and health info are working but not the genealogical section?

You could say that. There are a number of features that are disabled for the DNA relatives section which renders it useless for me.
(03-17-2024, 11:35 PM)Riverman Wrote: [ -> ]
(03-17-2024, 11:07 PM)Jalisciense Wrote: [ -> ]Is 23andme safe? Or not yet? Because I'm interested in buying some kits for my family.

It is safer than it was before those incidents and there is nothing absolutely safe on the internet, unfortunately. There were worse hacks than 23andMe in the recent years and there will be even worse in the future, I'm afraid.
That's not just a 23andMe or DNA testing issue. It was just chance they got hit this time.

I get your point Riverman but as somebody who was contacted by 23andMe - only via email with a generically written notice, to inform me that my information was stolen, it hits differently than it would for somebody who is just reading about it happening to another. "They," as in 23andMe, didn't get hit. I got hit and still don't know excatly what information was taken. 23andMe has never specified. Furthermore, they never apologized or took any responsibility for the hack. That has left a bad taste in my mouth with this company.
(03-18-2024, 10:23 AM)leonardo Wrote: [ -> ]
(03-17-2024, 11:35 PM)Riverman Wrote: [ -> ]
(03-17-2024, 11:07 PM)Jalisciense Wrote: [ -> ]Is 23andme safe? Or not yet? Because I'm interested in buying some kits for my family.

It is safer than it was before those incidents and there is nothing absolutely safe on the internet, unfortunately. There were worse hacks than 23andMe in the recent years and there will be even worse in the future, I'm afraid.
That's not just a 23andMe or DNA testing issue. It was just chance they got hit this time.

I get your point Riverman but as somebody who was contacted by 23andMe - only via email with a generically written notice, to inform me that my information was stolen, it hits differently than it would for somebody who is just reading about it happening to another. "They," as in 23andMe, didn't get hit. I got hit and still don't know excatly what information was taken. 23andMe has never specified. Furthermore, they never apologized or took any responsibility for the hack. That has left a bad taste in my mouth with this company.

I completely understand your position, but keep in mind that your data wasn't originally stolen from 23andMe, but from a different dite were you have used the same password to log in.
You were never hacked at 23andMe, but 23andMe was plundered because of your data being hacked somewhere else.

I don't blame you, because it could happen to anyone here, unless they play supersafe, but you can't really blame 23andMe either. Unless they informed you much later than they had knowledge of the incident, which seems to have been the case? Not sure.

Like if my mail got hacked, my primary concern is not whether somebody knows my haplogroup or matches, but all the other stuff running through my mails. That's the really frightening part.
And the sooner I know about the breach, the better.

23andMe might not even know where the criminals got your data from, so they can't tell you, not their fault.

The main accusation against 23andMe is therefore the probably too late and a bit sloggish response imho. Otherwise they just got bad luck for being picked out by the criminals.
(03-18-2024, 10:45 AM)Riverman Wrote: [ -> ]I completely understand your position, but keep in mind that your data wasn't originally stolen from 23andMe, but from a different site were you have used the same password to log in.
You were never hacked at 23andMe, but 23andMe was plundered because of your data being hacked somewhere else.
...
The main accusation against 23andMe is therefore the probably too late and a bit sloggish response imho. Otherwise they just got bad luck for being picked out by the criminals.

From what I have been reading and seen the stolen login data used on multiple sites for a unspecified number of 23andMe customers was the "door opener". The mass scraping of an unspecified but higher number of 23andMe profile data from the matches of kits with leaked logins was enabled by the lack of 23andMe implementing anti-scraping measures. Even worse if one login was enough, so an authenticated user of 23andMe, allowed the mass scraping of profile IDs, since according to reports it was possible to access the profiles of kits who were not even matches by just entering their ID number in the URL.
We still do not have the information from 23andMe (Logs, number of profiles likely scraped, etc.) or the full leaked data to check what really has happened.
But IMO this 23andMe leak can only be in part blamed on leaked login data of users and is mostly caused by lack of "website hardening" by 23andMe.
So I also see the company in a bad state as now they have just deactivated the "harmful functions" instead of finding solutions so that at least clear match (= relative) information can still be viewed, even if less comfortable.
(03-18-2024, 06:17 AM)Jalisciense Wrote: [ -> ]
(03-18-2024, 05:12 AM)Capsian20 Wrote: [ -> ]
(03-18-2024, 02:42 AM)Jalisciense Wrote: [ -> ]
(03-17-2024, 11:35 PM)Riverman Wrote: [ -> ]
(03-17-2024, 11:07 PM)Jalisciense Wrote: [ -> ]Is 23andme safe? Or not yet? Because I'm interested in buying some kits for my family.

It is safer than it was before those incidents and there is nothing absolutely safe on the internet, unfortunately. There were worse hacks than 23andMe in the recent years and there will be even worse in the future, I'm afraid.
That's not just a 23andMe or DNA testing issue. It was just chance they got hit this time.

Yeah; there are always risks, but at least I'm glad this has all calmed down.

So maybe is a good moment to buy some kits, but as I live in México, I hope I don't need a USA ID or something when I create the account.

https://customercare.23andme.com/hc/en-u...ou-Ship-To

Yeah bro, I know 23andMe don't ship to México, but  I just found a guy who is selling 23andMe tests here and sending the samples to USA by himself.

So you found that out. How does he send them?

How about FamilyTreeDNA kits for BigY? You can order the kit so that it arrives in Mexico. It takes a long time but it makes it with DHL and they provide a tracking number. You can even order just the kit without paying for BigY ahead of time and once there is a sale then order BigY. That way you already have the kit and sample ready sent back.

I do prefer AncestryDNA for autosomal though since I have so many Mexican relatives on AncestryDNA where I can do some basic triangulation. Although the Y-DNA haplogroup of 23andme is nice to where I can see the haplogroup of my ancestors through the Y-DNA of my relatives. I can also see who else has a haplogroup similar to mine. They are old haplogroups but at least I know that much.
Pages: 1 2 3 4 5 6 7