On Friday, 23andMe, a genetic testing company, confirmed that data from a subset of users with Ashkenazi Jewish ancestry had been compromised and listed for sale online.
According to Wired, the company suggests their systems were not breached but that attackers were able to gain access by guessing user login credentials and using the feature DNA Relatives to scrape additional information.
Reports indicate that a list of 999,999 individuals with Ashkenazi Jewish ancestry has been published online and on the Dark Web. The database contains first and last names, sex, and 23andMe’s assessment of ancestral origin.
While the majority of affected people are not public figures, the file is titled “Ashkenazi DNA Data of Celebrities,” and appears to have been curated to include only those with Ashkenazi heritage.
Hackers have apparently compiled a large list of people with Ashkenazi Jewish ancestry after taking their information from South San Francisco-based genetic testing service 23andMe, and sharing it online. https://t.co/TyzI2fyyR1
— NBC Bay Area (@nbcbayarea) October 8, 2023
NBC News was able to verify the data of two 23andMe users in the breach as authentic.
“Crazy, this could be used by Nazis,” one person who appears in the database said.
The company is still investigating the incident, but is treating the leak as authentic. In an emailed statement, a 23andMe spokesperson said the company believes it wasn’t hacked per se. Instead, it believes that the hackers simply gained some users’ passwords that had been hacked and leaked from other sites, then exploited the fact that 23andMe can give users vast access to each others’ genetic information.
A user on a popular hacker forum had claimed to have made a larger database of users for sale earlier this week. It’s unclear if whoever compiled the list to only include Ashkenazi heritage is the same person or group who initially made it for sale.
In light of what is currently happening in Israel, this is a disturbing revelation.