Hacker leaks millions more 23andMe user records on cybercrime forum

[AimSmall]

If anybody has some information regarding the following please let me know. I attempted to set up a 2 step verification process on my 23andMe account but was unable. So I called their customer service. The agent told me I have to have an authenticator app on my mobile device to get a code in order to set this up. He suggested several but they all required a purchase. I told him I am not paying for an app to set up a 2 step verification as I am already offended that my information was leaked. I asked if he could just provide me with a code but he said he could not. I ask if there was a free site for an authenticator but he never answered. I was not angry with the customer service agent, as he was just the front line serf to do 23andMe's bidding. After I asked if the call was being recorded and he confirmed it was I proceeded to rip into the fools who let information be hacked and then are unable or unwilling to set up an easy, reasonable 2 step verification like I have on Ancestry, my bank, my credit cards and other sites. The agent finished by saying the 2 step verification isn't necessary. I said apparently it is since all my information and data has been hacked. If what this agent stated is true, I can't tell you how angry I am at the arrogance, incompetence and buffoonery of 23andMe. How come I can set up a 2 step verification at other sites with ease but not there? If anybody has knowledge regarding this, let me know if what I was told is correct.

Google's Authenticator & Microsoft's Authenticator are both free applications.  Either is sufficient.

[AimSmall]

There are also browser extensions you can add to do it as well, but I'd suggest a phone app version.

[leonardo]

If anybody has some information regarding the following please let me know. I attempted to set up a 2 step verification process on my 23andMe account but was unable. So I called their customer service. The agent told me I have to have an authenticator app on my mobile device to get a code in order to set this up. He suggested several but they all required a purchase. I told him I am not paying for an app to set up a 2 step verification as I am already offended that my information was leaked. I asked if he could just provide me with a code but he said he could not. I ask if there was a free site for an authenticator but he never answered. I was not angry with the customer service agent, as he was just the front line serf to do 23andMe's bidding. After I asked if the call was being recorded and he confirmed it was I proceeded to rip into the fools who let information be hacked and then are unable or unwilling to set up an easy, reasonable 2 step verification like I have on Ancestry, my bank, my credit cards and other sites. The agent finished by saying the 2 step verification isn't necessary. I said apparently it is since all my information and data has been hacked. If what this agent stated is true, I can't tell you how angry I am at the arrogance, incompetence and buffoonery of 23andMe. How come I can set up a 2 step verification at other sites with ease but not there? If anybody has knowledge regarding this, let me know if what I was told is correct.

Google's Authenticator & Microsoft's Authenticator are both free applications.  Either is sufficient.

How come when I went to the app store there was a charge indicated? Is there another way to get the app?

[leonardo]

Thanks @AimSmall. I used microsoft's app and got things set up.

[geebee-1015]

I put "Google Authenticator" on my phone; I don't remember it costing anything, but if it did it wasn't much.  There are also some apps which are free but also have ads and allow in-app purchases.

EDIT:  Just googled "Google Authenticator" and it says it's free.  That's probably why I didn't remember it costing anything.  ;-)

[Jalisciense]

Interesting to note that Elon Musk might belong to haplogroup (Y DNA) O-F1150.

I’m guessing that’s why the comment was made regarding a migration of his descendants from SE Asia to Madagascar.

If true, his male line descends from the Austronesian People.

https://en.wikipedia.org/wiki/Austronesian_peoples

Do you know what are his Autosomal results and mtDNA haplogroup? Or were his results not leaked?

[leonardo]

I noticed AncestryDNA's message is going to require a two factor authentication soon. I'm guessing due to this.

I already set this up.

[ChrisR]

I'm a fan of good unique (only per service) passwords. I 'm no fan of 2FA trough third parties, trough email is OK in most cases, but annoying for those services used more then 2-3 times per month. So I will end up checking less often on some accounts.
Having said that some news (not much in reality) - Summary:

23andMe revealed that hackers breached approximately 14,000 customer accounts, constituting 0.1% of its customer base. The attackers not only accessed these accounts but also obtained files containing profile information from users who had opted into 23andMe's DNA Relatives feature. The company did not specify the extent of the impact on these "other users." The stolen data included ancestry and, for some, health-related information. Analysis by TechCrunch revealed similarities between the stolen data and publicly available genealogy records. Following the breach, 23andMe enforced password resets, urged multi-factor authentication, and later mandated two-step verification, prompting similar measures by other DNA testing companies Ancestry, MyHeritage [and it seems also FTDNA].

https://techcrunch.com/2023/12/01/23andm...-ancestry/

[leonardo]

An update on the hack.
https://techcrunch.com/2023/12/01/23andm...estry/amp/

[Awood]

Did they catch this guy or guy(s)? I can't find anything in the news. Also, I would say it does look like Musk has something in his ancestry other than Dutch, so a SE Asian origin YDNA wouldn't be entirely unexpected.

I'm more interested in catching the perps than the actual leak.

[fished]

Maybe I just have idiosyncratic views on this subject (as I generally believe people should be open to sharing their ancestry results), but even if I didn't, I struggle to understand why Elon Musk should care if people know that he has an East Asian y hg (assuming that's even legit) or why a Jewish public figure should care if people know that they're 99% Ashkenazi. It's really not like you've dug up these people's dirty laundry or anything.

[Riverman]

The basic problem is that the tester should be able to decide what he wants to share and what not. And if a platform guarantees that, but hackers breech their system, that's obviously a problem.
Even though like I said, its not specific to genetic testing and the results from genetic testing are probably less problematic than many other breeches which have happened and will happen in the future. Like as bad as it is, if private photos and bank accounts get stolen, its obviously much worse imho.

[Rufus191]

Did they catch this guy or guy(s)? I can't find anything in the news. Also, I would say it does look like Musk has something in his ancestry other than Dutch, so a SE Asian origin YDNA wouldn't be entirely unexpected.

I'm more interested in catching the perps than the actual leak.

Well, genealogically, his paternal line actually traces to Suffolk, England, so maybe that should be taken with a pinch of salt, although of course an NPE could be involved.

As regarding 23andme, 2 factor authentication is now mandatory, as it also with Ancestry, and with MyHeritage, if you want to view DNA results. I note that 23andme has not re-enabled the shared match feature.

[leonardo]

Did they catch this guy or guy(s)? I can't find anything in the news. Also, I would say it does look like Musk has something in his ancestry other than Dutch, so a SE Asian origin YDNA wouldn't be entirely unexpected.

I'm more interested in catching the perps than the actual leak.

Well, genealogically, his paternal line actually traces to Suffolk, England, so maybe that should be taken with a pinch of salt, although of course an NPE could be involved.

As regarding 23andme, 2 factor authentication is now mandatory, as it also with Ancestry, and with MyHeritage, if you want to view DNA results. I note that 23andme has not re-enabled the shared match feature.

And without the shared match feature it renders the genealogical part of 23andMe mostly useless. I saw an article in response to the hack where 23andMe blamed the users for getting hacked because their passwords were weak. 23andme should take responsibility for their part though as well. Anyway, I hardly check the site anymore because there is no shared match tools and I haven't seen many new matches. Maybe people have been scared off.

[Rufus191]

Did they catch this guy or guy(s)? I can't find anything in the news. Also, I would say it does look like Musk has something in his ancestry other than Dutch, so a SE Asian origin YDNA wouldn't be entirely unexpected.

I'm more interested in catching the perps than the actual leak.

Well, genealogically, his paternal line actually traces to Suffolk, England, so maybe that should be taken with a pinch of salt, although of course an NPE could be involved.

As regarding 23andme, 2 factor authentication is now mandatory, as it also with Ancestry, and with MyHeritage, if you want to view DNA results. I note that 23andme has not re-enabled the shared match feature.

And without the shared match feature it renders the genealogical part of 23andMe mostly useless. I saw an article in response to the hack where 23andMe blamed the users for getting hacked because their passwords were weak. 23andme should take responsibility for their part though as well. Anyway, I hardly check the site anymore because there is no shared match tools and I haven't seen many new matches. Maybe people have been scared off.

Well I was a bit shocked at the careless coding that the hacker described that made it a lot easier to extract data, and the fact 23andme still hadn't fixed the issue when he informed them. I am guessing the shared match feature will not come back until there is some major site reworking. It seemed like they had more sales than normal leading up to the Christmas/New Year period, but they still didn't cut the price as low as I have seen it before. Without the shared match feature I don't see many people getting the genealogy only kit.