Genetic testing company 23andMe has launched an investigation after private user data leaked from its website, writes Ars Technica.
The company took the appropriate action after an advertisement was posted online about the sale of private information of 23andMe users.
The attackers claimed to be selling health information, photos, identification data, etc. According to them, they gained access to “13 million data” of 23andMe users.
Such announcements also stated that 23andMe’s management was aware of the data breach and did not report the incident.
The company confirmed that the private data of some users was indeed put up for sale. The reason for the leak is called data scraping, a method that essentially allows you to collect large amounts of data by systematically extracting smaller amounts of information available to individual users of the service.
As you know, 23andMe was founded in 2006 to provide DNA testing and interpretation of results for individual consumers. To use the company’s services, users must collect and submit saliva samples to 23andMe using a special kit, which are sent to a laboratory for DNA analysis.
As a reminder, in 2018, information was leaked from the genealogy website MyHeritage. The email addresses and passwords of more than 92 million users were stolen.