Resecurity Goes Into The Weeds Of The 23andMe Hack
Resecurity has released threat research confirming increased interest by threat actors in organizations storing PII, and genetic information specifically.
In the context of the 23andMe incident, it is important to differentiate between a possible data breach on the company's side (which can only be determined by a thorough, independent investigation and digital forensics) and actual account takeover (ATO) activity on the customer side, which happens regardless of any such breach.
For example, Resecurity observed over 11,387 records containing customer artifacts exposed on the Dark Web with references to 23andMe.
Those artifacts include customer credentials.
Note that some of these records appeared even after the incident had been publicly disclosed. Resecurity tracked several credible actors on the Dark Web who confirmed that such credentials had been collected using malicious code (password stealers and form grabbers such as Vidar, Azorult, Red Stealer, etc.), and its investigators acquired multiple samples.
For now, 23andMe has forced all users to change their passwords. When a user attempts to log in with an old password, they are asked to set a new one.
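The two customer-side mechanisms described above, stealer-harvested credentials being replayed against accounts and a forced reset on the next login with the old password, can be modelled in a small defender-side script. The following is an added example written for this commentary; it is not code from Resecurity, 23andMe or any monitoring vendor. The exposed-credential feed format, the account names, the IP addresses and the login log are all constructed for the example.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict
from dataclasses import dataclass

# Constructed records in a hypothetical feed format, standing in for what a
# dark-web monitoring source might report for stealer-harvested credentials.
EXPOSED_RECORDS = [
    {"email": "alice@example.com", "password": "Summer2023!", "source": "stealer-log"},
    {"email": "bob@example.com", "password": "oldpass99", "source": "stealer-log"},  # stale: bob changed it already
    {"email": "dave@example.com", "password": "letmein", "source": "combolist"},     # no such account here
]

# Constructed login-attempt log: (source_ip, email, outcome)
ATTEMPTS = [
    ("203.0.113.7", "alice@example.com", "denied"),
    ("203.0.113.7", "bob@example.com", "denied"),
    ("203.0.113.7", "carol@example.com", "denied"),
    ("203.0.113.7", "dave@example.com", "ok"),
    ("198.51.100.2", "bob@example.com", "denied"),
    ("198.51.100.2", "bob@example.com", "ok"),
]

PBKDF2_ROUNDS = 50_000  # kept low for a quick demo; production uses far more


def derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class Account:
    email: str
    salt: bytes
    pw_hash: bytes
    must_reset: bool = False  # set when the current password is known to be exposed


class AccountStore:
    def __init__(self) -> None:
        self.accounts: dict[str, Account] = {}
        # Exposed passwords seen per email, so a "reset" cannot reuse one of them.
        self.exposed_passwords: defaultdict[str, set[str]] = defaultdict(set)

    def create(self, email: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.accounts[email] = Account(email, salt, derive(password, salt))

    def _matches(self, acct: Account, password: str) -> bool:
        return hmac.compare_digest(acct.pw_hash, derive(password, acct.salt))

    def flag_exposed(self, records) -> int:
        """Mark accounts whose *currently valid* password appears in the feed.
        Stale passwords and unknown emails are recorded but force nothing."""
        flagged = 0
        for rec in records:
            self.exposed_passwords[rec["email"]].add(rec["password"])
            acct = self.accounts.get(rec["email"])
            if acct and not acct.must_reset and self._matches(acct, rec["password"]):
                acct.must_reset = True
                flagged += 1
        return flagged

    def login(self, email: str, password: str) -> str:
        """'denied' on a bad password; a valid-but-exposed password gets
        'reset_required' instead of a session, mirroring the forced reset."""
        acct = self.accounts.get(email)
        if acct is None or not self._matches(acct, password):
            return "denied"
        return "reset_required" if acct.must_reset else "ok"

    def reset_password(self, email: str, old: str, new: str) -> bool:
        acct = self.accounts.get(email)
        if acct is None or not self._matches(acct, old):
            return False
        if new in self.exposed_passwords[email] or new == old:
            return False  # the old or any other exposed password is not a reset
        acct.salt = secrets.token_bytes(16)
        acct.pw_hash = derive(new, acct.salt)
        acct.must_reset = False
        return True


def stuffing_suspects(attempts, min_accounts: int = 3) -> list[str]:
    """One source trying many distinct accounts is the credential-replay shape;
    one user retrying their own password from one address is not."""
    per_source: defaultdict[str, set[str]] = defaultdict(set)
    for src, email, _outcome in attempts:
        per_source[src].add(email)
    return sorted(src for src, emails in per_source.items() if len(emails) >= min_accounts)


if __name__ == "__main__":
    store = AccountStore()
    store.create("alice@example.com", "Summer2023!")
    store.create("bob@example.com", "correct-horse-battery")
    print("accounts forced to reset:", store.flag_exposed(EXPOSED_RECORDS))
    print("alice with old password:", store.login("alice@example.com", "Summer2023!"))
    print("reset to same password accepted:", store.reset_password("alice@example.com", "Summer2023!", "Summer2023!"))
    print("reset to new passphrase accepted:", store.reset_password("alice@example.com", "Summer2023!", "a-new-long-passphrase"))
    print("suspected stuffing sources:", stuffing_suspects(ATTEMPTS))
```

The flag step only forces a reset where the leaked password still verifies against the stored hash, so stale stealer logs do not lock out users who already rotated; the reset step refuses any password present in the feed for that email, which is the case where a user "changes" back to the compromised value. The stuffing heuristic is deliberately coarse (distinct accounts per source address) and is the kind of signal a defender would feed into rate limiting or step-up authentication rather than act on alone.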
You can get into the weeds on this topic here: https://www.resecurity.com/blog/article/hunting-genetics-data-cyberespionage-in-the-context-of-geopolitical-conflicts
This entry was posted on January 4, 2024 at 3:52 pm and is filed under Commentary with tags Resecurity. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.