Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
Matt Johansen Profile picture
@mattjay
Oct 6, 2023 12 tweets 4 min read Read on X
Scrolly
🚨BREAKING: Genetics firm 23andMe confirms user data theft in a credential stuffing attack.

The hackers released 1 million lines of data targeting Ashkenazi Jews.
23andMe, a renowned U.S. biotech & genomics firm, offers genetic testing services.

A threat actor recently leaked data samples from the firm and is now selling 23andMe customer data packs. Image
TARGETED LEAK: The initial data leak was limited but deeply concerning.
The threat actor released 1 million lines of data specifically for Ashkenazi people.

This targeted attack raises serious questions about the motive behind the breach. Image
On October 4, the hacker offered to sell data profiles in bulk, ranging from $1-$10 per 23andMe account, depending on the quantity purchased. Image
23andMe's RESPONSE: The company confirmed the data's legitimacy. They believe the hackers used credentials from other breaches to access 23andMe accounts.

"We do not have any indication at this time that there has been a data security incident within our systems." Image
The leaked data includes full names, usernames, profile photos, sex, date of birth, genetic ancestry results, and geographical location.

This is a goldmine for identity thieves and malicious actors.
The compromised accounts had opted into the platform's 'DNA Relatives' feature.

The hacker accessed a few 23andMe accounts and scraped the data of their DNA Relative matches, showing the potential risks of such features. Image
23andMe offers two-factor authentication and urges all users to enable it.

It's a reminder for everyone to refrain from reusing passwords and to always use strong, unique credentials. Image
Thanks @billtoulas for the writeup -

bleepingcomputer.com/news/security/…
@billtoulas If you want to stay on top of stories like this, join 4,000+ other pros who let me curate their news on Vulnerable U:

vulnu.mattjay.com
Image
23andme announces still investigating - cyberscoop.com/23andme-user-d…
We'll see what the next few days hold. I see a lot of you tagging Troy. He's aware, and we're all just waiting to see more.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Matt Johansen

Matt Johansen Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @mattjay

Matt Johansen Profile picture
Feb 11
Hackers are using Google Tag Manager (GTM) to inject credit card skimmers into E-commerce sites.

At least 6 compromised sites identified so far. Here's what we're seeing. 👇
Malicious GTM script reference (GTM-MLHK2N68) stored in Magento's cms_block.content table.

Attackers using GTM as delivery mechanism to bypass security controls. Image
Obfuscated JS skimmer activates on checkout pages, exfiltrating card data to C2 domain eurowebmonitortool[.]com.

Additional persistence achieved via PHP backdoor in media/index.php allowing remote code execution through base64-encoded commands.

Gives attackers ongoing access post-cleanup.Image
Read 8 tweets
Matt Johansen Profile picture
Jan 7
Hackers claim to have compromised Gravy Analytics, exposing millions of smartphone location records—including data sold to U.S. government agencies.

This could be the first major breach of a location data broker. Here’s what you need to know 👇
Potential impact:
- Precise GPS coordinates + timestamps on millions of people
- User movement classifications ("LIKELY_DRIVING")
- Customer lists (Apple, Uber, Equifax & more)
- Root access to Gravy's servers, control of domains, and Amazon S3 buckets Image
For years, firms like Gravy have sold location data to military, DHS, and even the FBI. Now hackers claim to have access dating back to 2018.

Potential risks:
- De-anonymization of individuals
- Tracking high-risk people
- Exposure of schools, clinics, and more
(img: EFF) Image
Read 5 tweets
Matt Johansen Profile picture
Nov 27, 2024
This is nuts.

Major investigation reveals ExxonMobil allegedly orchestrated hack-for-hire campaign targeting 500+ climate activists and journalists. Image
The campaign deployed 28K+ malicious URLs and 100+ targeted phishing attempts.

It's annual budget is estimated at $10M+ through DCI Group (PR firm). Image
The chain that this report traced through:
DCI Group -> Israeli PI, Amit Forlit -> BellTroX InfoTech Services (India-based hack-for-hire). Image
Read 11 tweets
Matt Johansen Profile picture
Oct 10, 2024
New series of Palo Alto Networks vulnerabilities, chained together for a bad time.

“We find that a simple request to that exact endpoint over the web service resets the admin password.”

Well, I don’t like the sound of that… 🧵 Image
First up -

CVE-2024-9464 is an OS command injection vulnerability in Palo Alto Networks Expedition

This allows an authenticated attacker to run arbitrary OS commands as rootImage
Next -

CVE-2024-9465 is an SQL injection vulnerability in Palo Alto Networks Expedition

This allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys.Image
Read 7 tweets
Matt Johansen Profile picture
Oct 5, 2024
So U.S. uses backdoors in it's own Internet providers to spy on it's citizens.

China says "don't mind if we do" and backdoors the backdoors.

They sat for months undetected on the U.S. wiretap system for Verizon, AT&T, and more...
Who watchers the watchers? Turns out China does.

My summary:

vulnu.com/p/government-w…
Good thread too:

Read 4 tweets
Matt Johansen Profile picture
Sep 26, 2024
Woah. Millions of cars can be hacked just by knowing the license plate number.

This is done through a simple web app bug too, no complicated car hacking involved.

I also don't think it's fixed yet... 🧵 Image
The bug seems to impact all Kias right now and the researchers didn't disclose a PoC since it isn't fixed but it's been 90 days since disclosure so they're talking about it. Image
With just a license plate number, they found a way to use the web portal that dealers and customers use to setup smart car features to ...do a lot more.

Including unlocking, tracking location, even starting the car. Image
Read 12 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

Send Email!

:(