Hacked: 23andMe, 6.9 million accounts affected


Important Takeaways:

  • In some cases this included family trees, birth years and geographic locations, the company said.
  • After weeks of speculation the firm has put a number on the breach, with more than half of its customers affected.
  • The stolen data does not include DNA records.
  • 23andMe is a giant of the growing ancestor-tracing industry. It offers genetic testing from DNA, with ancestry breakdown and personalized health insights.
  • The biotechnology company, which is based in South San Francisco, was not hacked itself but cyber-criminals logged into about 14,000 individual accounts, or 0.1% of customers, by using email and password details previously exposed in other hacks.
  • As was first reported by TechCrunch, the company has acknowledged that by accessing those accounts, hackers were then able to find their way into “a significant number of files containing profile information about other users’ ancestry”.
  • The criminals downloaded not just the data from those accounts but the private information of all other users they had links to across the sprawling family trees on the website.
  • The stolen data includes information like names, how each person is linked and in some cases birth years, locations, pictures, addresses and the percentage of DNA shared with relatives.


Facebook unearths security breach affecting 50 million users


By Munsif Vengattil, Arjun Panchadar and Paresh Dave

(Reuters) – Facebook Inc said on Friday that hackers had discovered a security flaw that allowed them to take over up to 50 million user accounts, a major breach that adds to a bruising year for the company’s reputation.

Facebook, which has more than 2 billion monthly active users, said it has been unable to determine yet whether the attackers misused any of the affected accounts or stole private information.

Facebook made headlines earlier this year after the data of 87 million users was improperly accessed by Cambridge Analytica, a political consultancy. The disclosure has prompted government inquiries into the company’s privacy practices across the world, and fueled a “#deleteFacebook” movement among consumers.

Shares in Facebook fell more than 3 percent in afternoon trading, weighing on major Wall Street stock indexes.

The latest vulnerability had existed since July 2017, but Facebook did not discover it until this month when it spotted an unusual increase in use of its “view as” feature.

“View as” allows users to see what their own profile looks like to someone else. The flaw inadvertently issued users of the tool a digital code, similar to a browser cookie, that could be used to post from and browse Facebook as if they were someone else.

The company said it fixed the issue on Thursday. It also notified the U.S. Federal Bureau of Investigation, Department of Homeland Security and Irish data protection authority about the breach.

Facebook reset the digital keys of the 50 million affected accounts, and as a precaution reset those keys for another 40 million that have been looked up through the “view as” option over the last year.

About 90 million people will have to log back into Facebook or any of their apps that use a Facebook login, the company said.

Facebook is also temporarily disabling “view as,” it said.

In 2013, Facebook disclosed a software flaw that exposed 6 million users’ phone numbers and email addresses to unauthorized viewers for a year, while a technical glitch in 2008 revealed confidential birth-dates on 80 million Facebook users’ profiles.

(Reporting by Munsif Vengattil and Arjun Panchadar in Bengaluru, Paresh Dave in San Francisco; Editing by Sai Sachin Ravikumar and Meredith Mazzilli)