Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
Matt Johansen Profile picture
@mattjay
Oct 6, 2023 12 tweets 4 min read Read on X
Scrolly
🚨BREAKING: Genetics firm 23andMe confirms user data theft in a credential stuffing attack.

The hackers released 1 million lines of data targeting Ashkenazi Jews.
23andMe, a renowned U.S. biotech & genomics firm, offers genetic testing services.

A threat actor recently leaked data samples from the firm and is now selling 23andMe customer data packs. Image
TARGETED LEAK: The initial data leak was limited but deeply concerning.
The threat actor released 1 million lines of data specifically for Ashkenazi people.

This targeted attack raises serious questions about the motive behind the breach. Image
On October 4, the hacker offered to sell data profiles in bulk, ranging from $1-$10 per 23andMe account, depending on the quantity purchased. Image
23andMe's RESPONSE: The company confirmed the data's legitimacy. They believe the hackers used credentials from other breaches to access 23andMe accounts.

"We do not have any indication at this time that there has been a data security incident within our systems." Image
The leaked data includes full names, usernames, profile photos, sex, date of birth, genetic ancestry results, and geographical location.

This is a goldmine for identity thieves and malicious actors.
The compromised accounts had opted into the platform's 'DNA Relatives' feature.

The hacker accessed a few 23andMe accounts and scraped the data of their DNA Relative matches, showing the potential risks of such features. Image
23andMe offers two-factor authentication and urges all users to enable it.

It's a reminder for everyone to refrain from reusing passwords and to always use strong, unique credentials. Image
Thanks @billtoulas for the writeup -

bleepingcomputer.com/news/security/…
@billtoulas If you want to stay on top of stories like this, join 4,000+ other pros who let me curate their news on Vulnerable U:

vulnu.mattjay.com
Image
23andme announces still investigating - cyberscoop.com/23andme-user-d…
We'll see what the next few days hold. I see a lot of you tagging Troy. He's aware, and we're all just waiting to see more.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Matt Johansen

Matt Johansen Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @mattjay

Matt Johansen Profile picture
Nov 20
FCC just voted 2-1 to eliminate cybersecurity requirements for telecom carriers, reversing rules adopted at the end of Biden admin.

The telecom industry successfully lobbied against the rules, claiming they were too burdensome and that voluntary cooperation works better Image
The decision undoes a declaratory ruling that stated the 1994 Communications Assistance for Law Enforcement Act (CALEA) requires telecoms to secure networks from unlawful access and interception.

Also eliminates proposed minimum security standards. Image
This comes months after Salt Typhoon, where Chinese APT penetrated multiple major US telecoms and accessed sensitive comms data. Image
Read 7 tweets
Matt Johansen Profile picture
Oct 23
Woah. Trenchant, who develops zero-days and surveillance tools for Five Eyes intelligence agencies (US, UK, Canada, Australia, and New Zealand). Has had an insider accused of selling secrets to Russia. Image
Image
Former L3Harris/Trenchant GM Peter Williams charged with stealing trade secrets. DOJ claims he made $1.3M from the sale. Image
Timeline: Williams allegedly stole 7 trade secrets between Apr '22-Jun '25, and an 8th between Jun-Aug '25. He was Trenchant's GM from Oct '24 until Aug '25, operating out of DC. Image
Read 9 tweets
Matt Johansen Profile picture
Sep 29
This BBC reporter was offered 25% of a ransom payout if he gave hackers access to the corporate network.

He played along, so we got a look inside their tactics here: Image
Initial contact came to @JoeTidy via Signal from "Syndicate" offering 15% of potential ransom payment for access to BBC systems.

Offer later increased to 25% of what they claimed would be "1% of BBC's total revenue." Image
@joetidy Threat actor claimed to be a "reach out manager" for Medusa - a Ransomware-as-a-Service operation believed to operate from Russia/CIS region.

Group has hit 300+ victims in past 4 years per US cyber authorities.

(img: TheHackerNews) Image
Read 10 tweets
Matt Johansen Profile picture
Jun 17
Breaking: House Oversight's top Dem Rep. Lynch requests Microsoft provide info on DOGE staffer's GitHub repo.

It allegedly contains code to extract data from the NLRB's case management system. Image
Key context: This follows whistleblower Daniel Berulis's disclosure about ~10GB of data exfiltrated from NLRB's NxGen system.

DOGE engineer Jordan Wick's repo "NxGenBdoorExtract" was made private before investigation. Image
The alleged extraction code was hosted on Microsoft-owned GitHub.

Rep. Lynch specifically wants details about attempts to "conceal activities, obstruct oversight, and shield from accountability." Image
Read 8 tweets
Matt Johansen Profile picture
Jun 9
U.S. labs keep finding *undocumented* cellular radios hidden inside some Chinese-made solar inverters & battery packs

Those radios give the gear a second, undocumented path to the internet. Global governments are reacting already: 🧵 Image
Inverters already need remote access for firmware updates, so utilities put them behind firewalls.

A covert LTE module can hop right over that barrier, reach a cloud service in China, and issue commands the operator never sees.
Security teams have confirmed multiple makes and models with these extra radios in the last nine months.

The labs aren’t saying how many units they’ve torn down. Only that the problem spans *several* suppliers. Image
Read 15 tweets
Matt Johansen Profile picture
May 5
TeleMessage, the company behind the modified Signal client used by Trump admin officials, has been breached.

Attacker claims the hack took "15-20 minutes" with minimal effort. Image
TeleMessage creates modified versions of Signal/WhatsApp/Telegram that archive messages for gov agencies.

Recently made headlines when National Security Advisor Waltz was photographed using it. Image
A hacker accessed unencrypted message contents, contact info of gov officials, admin credentials, and customer data.

Notably includes CBP, Coinbase, and other financial institutions. Image
Read 10 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

Send Email!

:(