Millions of new 23andMe genetic data profiles leak on cybercrime forum

Golem, the hacker who leaked the data of one million Ashkenazi Jews from the 23andMe ancestry service earlier this month has now released 4.1 million more genetic data profiles.

This time the hacker, who is known by the online handle "Golem," has published a new dataset containing details of what they claim are "the wealthiest people living in the US and Western Europe" on the cybercrime forum BreachForums.

In their announcement of the data's availability, Golem claims that those who are impacted by the breach include the British Royal Family.

Even if just one person from a family takes this test, it provides very detailed information about third-generation cousins.  There are samples from hundreds of families, including the royal family, Rothschilds, Rockefellers, and more.

Exposed information includes users' full names, usernames, profile photos, date of birth, sex, genetic ancestry details, and geographical location.

23andMe says that it is "reviewing the data to determine if it is legitimate." It has also brought in third-party experts to help it with the investigation.

It certainly seems plausible that this latest leak is real.  Earlier this month 23andMe confirmed that data of some of its users had been compromised, although they said that this was not the result of a data breach on their part - but instead the result of an attacker using credential stuffing techniques to break into accounts that were "protected" by passwords already revealed in other third-party data breaches.

As a consequence, all 23andMe users were required to reset their passwords "out of caution," reminded of the need to never reuse passwords, and encouraged to enable multi-factor authentication.

In addition, there is speculation that 23andMe customers who had enabled a feature called "DNA Relatives" (23andMe describes it as a way of allowing you to "find and connect with other DNA Relative participants, and to learn more about your family story") may have
unwittingly allowed any hackers who gained access to their accounts to also scrape the details of others.

23andMe's own documentation states that "people with European or Ashkenazi ancestry typically have many matches" through the "DNA Relatives" feature, something which - it appears - the hacker has been able to abuse to their considerable advantage.

As previously discussed, the implications of the leaking of DNA data can be considerable.