stickdog[S]

Excerpt:

Hackers claiming to have access to the names, photos, birth details, and ethnicities of potentially millions of 23andMe customers are peddling the information on the dark web for thousands of dollars.

The data appears to have been gathered from user credentials that were exposed in prior data breaches, and the company's security systems have not been breached, according to 23andMe.

"The preliminary results of this investigation suggest that the login credentials used in these access attempts may have been gathered by a threat actor from data leaked during incidents involving other online platforms where users have recycled login credentials," a spokesperson for the company told Insider. In other words, the hackers plugged in leaked username-password combinations into 23andMe accounts in a technique known as "credential stuffing."

The company first became aware of the attack in a post on Reddit that appears to have been removed by the platform. Since then, hackers have taken to hawking the data on the cybercrime marketplace, BreachForums.

One anonymous seller advertised the data on BreachForums earlier this week as containing "DNA profiles of millions, ranging from the world's top business magnates to dynasties often whispered about in conspiracy theories," and noted that each set of data also came with "corresponding email addresses," based on a repost of the ad on X. The sample data reportedly contains entries for tech execs like Mark Zuckerberg, Sergey Brin, and Elon Musk, according to Wired, but it's unclear whether the entries are legitimate. The company is helmed by Anne Wojcicki — sister of former YouTube CEO Susan Wojcicki and ex-wife of Sergey Brin.

And the seller offered profile bundles starting at $1000 for 100 profiles going all the way up to $100,000 for 100,000 profiles, noting that for each bulk purchase of 10,000 they'd offer the flexibility of incremental payments.

Another post on BreachForums, also reposted to X, noted that the data contained "half of the members of 23andMe." The company, which has a total of 14 million users, has yet to confirm the number of compromised user accounts and also noted that no raw genetic data was shared.

...