Matt Johansen
Oct 6, 12 tweets, 4 min read
🚨BREAKING: Genetics firm 23andMe confirms user data theft in a credential stuffing attack.

The hackers released 1 million lines of data targeting Ashkenazi Jews.
23andMe, a renowned U.S. biotech & genomics firm, offers genetic testing services.

A threat actor recently leaked data samples from the firm and is now selling 23andMe customer data packs.
TARGETED LEAK: The initial data leak was limited but deeply concerning.
The threat actor released 1 million lines of data specifically for Ashkenazi people.

This targeted attack raises serious questions about the motive behind the breach.
On October 4, the hacker offered to sell data profiles in bulk, ranging from $1-$10 per 23andMe account, depending on the quantity purchased.
23andMe's RESPONSE: The company confirmed the data's legitimacy. They believe the hackers used credentials from other breaches to access 23andMe accounts.

"We do not have any indication at this time that there has been a data security incident within our systems."
The leaked data includes full names, usernames, profile photos, sex, date of birth, genetic ancestry results, and geographical location.

This is a goldmine for identity thieves and malicious actors.
The compromised accounts had opted into the platform's 'DNA Relatives' feature.

The hacker accessed a few 23andMe accounts and scraped the data of their DNA Relative matches, showing the potential risks of such features.
23andMe offers two-factor authentication and urges all users to enable it.

It's a reminder for everyone to refrain from reusing passwords and to always use strong, unique credentials.
Thanks @billtoulas for the writeup -

bleepingcomputer.com/news/security/…
@billtoulas If you want to stay on top of stories like this, join 4,000+ other pros who let me curate their news on Vulnerable U:

vulnu.mattjay.com
23andme announces still investigating - cyberscoop.com/23andme-user-d…
We'll see what the next few days hold. I see a lot of you tagging Troy. He's aware, and we're all just waiting to see more.
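The two mechanisms the thread describes, credential stuffing against the login endpoint and a logged-in account scraping its DNA Relatives matches, both leave a signature in server-side logs that a defender can alert on. The following is an added example, not code from 23andMe or from the thread's author. It assumes a simple constructed log format (`timestamp ip username OK|FAIL`), a constructed list of relative-profile views, and threshold values chosen for illustration; real thresholds would be tuned to the service's normal traffic.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log (not real 23andMe data). Assumed
# format: "<ISO timestamp> <source ip> <username> <OK|FAIL>".
# Address 203.0.113.7 walks through twelve different accounts and gets into
# two of them; 198.51.100.4 is one user mistyping a password, then succeeding.
SAMPLE_AUTH_LOG = "\n".join(
    [f"2023-10-01T10:00:{i:02d}Z 203.0.113.7 user{i}@example.org "
     f"{'OK' if i in (3, 9) else 'FAIL'}" for i in range(12)]
    + ["2023-10-01T10:01:00Z 198.51.100.4 alice@example.org FAIL",
       "2023-10-01T10:01:20Z 198.51.100.4 alice@example.org OK"]
)

AUTH_RE = re.compile(r"^(\S+) (\S+) (\S+) (OK|FAIL)$")


def parse_auth_log(text):
    """Parse log lines into (timestamp, ip, username, result) tuples."""
    events = []
    for line in text.splitlines():
        m = AUTH_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than crashing the detector
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m.group(2), m.group(3), m.group(4)))
    return events


def detect_credential_stuffing(events, window=timedelta(minutes=5),
                               min_users=10, max_success_ratio=0.2):
    """Flag source IPs that, inside any `window`, attempt logins for at least
    `min_users` distinct usernames with a low success ratio. Credential
    stuffing replays one leaked password per account, so most attempts fail,
    and the few that succeed are the accounts to force a reset on."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)
    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e[0])
        for i in range(len(evs)):
            users, successes, j = set(), 0, i
            while j < len(evs) and evs[j][0] - evs[i][0] <= window:
                users.add(evs[j][2])
                successes += 1 if evs[j][3] == "OK" else 0
                j += 1
            attempts = j - i
            if len(users) >= min_users and successes / attempts <= max_success_ratio:
                flagged[ip] = {"distinct_users": len(users),
                               "attempts": attempts, "successes": successes}
                break  # one hit per IP is enough to raise the alert
    return flagged


# Constructed sample of relative-profile views: (timestamp, account, profile id).
# One account pulls 60 different relatives' profiles in a minute; another
# looks at five over the same period.
SAMPLE_VIEWS = (
    [(datetime(2023, 10, 1, 10, 5, s), "acct-compromised", f"rel-{s}")
     for s in range(60)]
    + [(datetime(2023, 10, 1, 10, 5, 10 * s), "acct-normal", f"rel-{s}")
       for s in range(5)]
)


def detect_relative_scraping(views, window=timedelta(minutes=10), max_profiles=50):
    """Flag accounts that view more than `max_profiles` distinct relative
    profiles within `window`: a logged-in scraper walking a match list looks
    nothing like a person browsing a handful of relatives."""
    by_account = defaultdict(list)
    for ts, account, profile in views:
        by_account[account].append((ts, profile))
    flagged = {}
    for account, rows in by_account.items():
        rows.sort()
        for i in range(len(rows)):
            seen = {p for ts, p in rows[i:] if ts - rows[i][0] <= window}
            if len(seen) > max_profiles:
                flagged[account] = len(seen)
                break
    return flagged


if __name__ == "__main__":
    print(detect_credential_stuffing(parse_auth_log(SAMPLE_AUTH_LOG)))
    print(detect_relative_scraping(SAMPLE_VIEWS))
```

The first detector keys on the ratio that distinguishes stuffing from a brute-force attack on one account: many usernames, few successes, from one source. The second treats the DNA Relatives feature as an API that can be rate-limited per account; capping distinct match profiles per window is the control that would have bounded what a few compromised accounts could pull.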
