Summary: Biotechnology and genetic testing company 23andMe has experienced a serious data breach resulting in the compromise of 4.1 million genetic data profiles of individuals in Great Britain and Germany. This comes after a previous leak of information from 1 million Ashkenazi Jews earlier this month.

According to reports from BleepingComputer, 23andMe fell victim to credential stuffing attacks, where a threat actor used stolen login credentials from other breaches to gain unauthorized access to user accounts on the company’s platform. These compromised accounts included genetic profiles and sensitive personal information of individuals in Great Britain and Germany.

This latest breach follows a previous incident where information from 1 million Ashkenazi Jews was leaked. Although it is unclear whether the two incidents are connected, the timing raises concerns about the security measures in place to protect user data.

Credential stuffing attacks have become a prevalent method used by cybercriminals to exploit the reuse of passwords across multiple platforms. By leveraging stolen credentials, attackers can gain unauthorized access to user accounts, potentially exposing sensitive information or even taking control of the accounts.

23andMe is a major biotechnology and genetic testing firm based in the United States. The company offers direct-to-consumer genetic testing services, allowing individuals to learn more about their ancestry, health predispositions, and genetic traits.

It is crucial for companies like 23andMe to prioritize user data security and take proactive measures to prevent data breaches. Robust authentication mechanisms, including multi-factor authentication, can add an extra layer of protection and mitigate the risk of credential stuffing attacks.
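On the defender's side, credential stuffing as described above tends to appear in authentication logs as one source trying many different usernames in a short period, mostly failing, with an occasional success. The following is an added example, not code from 23andMe or the original report; the log format, window and thresholds are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed look-back window
MIN_DISTINCT_USERS = 5          # assumed threshold, tune per site
MIN_FAILURE_RATIO = 0.8         # assumed threshold

# Constructed sample log: "ISO-timestamp source-ip username result"
SAMPLE_LOG = """\
2023-10-18T09:00:01 203.0.113.7 alice fail
2023-10-18T09:00:03 203.0.113.7 bob fail
2023-10-18T09:00:05 203.0.113.7 carol fail
2023-10-18T09:00:07 203.0.113.7 dave ok
2023-10-18T09:00:09 203.0.113.7 erin fail
2023-10-18T09:00:11 203.0.113.7 frank fail
2023-10-18T09:01:00 198.51.100.20 zoe fail
2023-10-18T09:01:10 198.51.100.20 zoe fail
2023-10-18T09:01:25 198.51.100.20 zoe ok
2023-10-18T09:02:00 192.0.2.50 gina ok
2023-10-18T09:02:05 192.0.2.50 hank ok
2023-10-18T09:02:10 192.0.2.50 ivan ok
2023-10-18T09:02:15 192.0.2.50 judy ok
2023-10-18T09:02:20 192.0.2.50 kim ok
""".splitlines()

def parse(line):
    """Split one constructed-format log line into (time, ip, user, success)."""
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result == "ok"

def detect_stuffing(lines):
    """Return {ip: accounts that logged in successfully} for each flagged source."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in map(parse, lines):
        by_ip[ip].append((ts, user, ok))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > WINDOW:
                start += 1  # slide the window forward
            window = events[start:end + 1]
            users = {u for _, u, _ in window}
            failures = sum(1 for _, _, ok in window if not ok)
            if len(users) >= MIN_DISTINCT_USERS and failures / len(window) >= MIN_FAILURE_RATIO:
                flagged.setdefault(ip, set()).update(u for _, u, ok in window if ok)
    return {ip: sorted(users) for ip, users in flagged.items()}
```

The accounts returned for a flagged source are the ones to prioritize for session revocation and a forced password reset; the single user retrying a password and the shared office address with many successful logins are both left alone.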

The compromised genetic data of millions of individuals raises significant privacy and security concerns. Cybersecurity professionals are urging affected users to change their passwords immediately and to monitor their accounts for any suspicious activities or unauthorized access.

