The 23andMe data breach could have some dark implications for those who had their personal information compromised as the result of the site’s hack, according to various media outlets and TikTok users who responded to a post uploaded by @that_investor pertaining to the incident.
TikTok user @that_investor gives a breakdown of the event in a viral clip that’s garnered more than 1.1 million views since it was posted, with many folks speculating the various ways in which people’s personal information, including their name and genetic code, could be used against them. What’s more is that the TikToker says all of this could’ve been avoided had key 23andMe employees just used tougher security protocols.
@that_investor 23 and me data breach exposes customer’s DNA #23andmetiktok #23andme #geneticsequencing #23andmeresults #ancestorydna #lostcousin #23andmehack #23andmesceptic #geneticsscanner ♬ Suspicious, slow and simple song – Kohrogi
“23andMe was just hacked and now your DNA is for sale on the black market. A thousand dollars can get you 100 profiles which means your DNA is worth about $10 or—for those high rollers out there a hundred grand gets you 100,000 profiles,” the TikToker says, while pointing to what looks like a website dedicated to selling the hacked profiles of 23andme users.
The TikToker continues, “A spokesperson at 23andme said that we were made aware of certain profiles that were compiled through access to individual 23andme accounts. There is no indication at this time that there’s been a data security incident within our system that’s very important. That means that someone high up in the company who had access to everyone’s login information, they got hacked. Amateur hour. This wouldn’t have happened if they had stored everything on chain, but because it’s not—.” The video then cuts out.
Fortune reported on Oct. 6 that a hacker has been claiming to sell “millions” of 23andMe user profiles containing personal information along with lines of genetic code online for interested buyers. The personal data could include any photos that were uploaded to 23andMe’s services, along with their gender, date of birth, email address, and ethnicity.
So what could someone do with knowledge of your specific genetic code? Vice published an article in 2016 that delved into the possible discriminatory ways this information could be used. The outlet interviewed Dr. Robert Green, director of the Genomes to People at Harvard University who said, “You can imagine scenarios where unsavory people could try to use this stuff in personal ways. If there were variants that put someone at risk for Alzheimer’s disease and you were vying with that person in a corporation for a job, you could somehow try to use that information to suggest that they might be unfit. You could be in a custody battle where DNA could suggest there’s a predisposition to psychiatric illness, for example.”
The Washington Post also reported that 23andMe is encouraging its users to change their passwords in response to the cyber security attack, and that Jewish users were referenced in the purported sales of these passwords, suggesting there was a discriminatory component related to the nature of the data breach.
So how did the data breach happen? Similar to what @that_investor says in his TikTok, The Washington Post reports, “A 23andMe spokeswoman confirmed that the leak contained samples of genuine data and said the company is investigating. She said it appeared likely that the hacker or accomplices used a common technique called credential stuffing: Taking username-and-password combinations published or sold after breaches at other companies, and trying those combinations to see which were reused by 23andMe customers. When the hacker found logins that worked, they copied all the information made available to legitimate users by their relatives, sometimes hundreds of them per account.”
Commenters who saw @that_investor’s post had a litany of different responses, like one who said they were happy they never shelled out the money for a 23andMe account: “in this moment , i’m happy im broke and could never afford 23 and me.”
Another user questioned why it would be harmful for their ethnic/genealogical makeup to be made public knowledge: “Can someone explain why it’s bad if ppl know I’m 90.8% [English and Italian], 3.1% Scandinavian, 1.6% [French and German] 0.6% [Finnish] , & 3.9% broadly northwestern european?”
One commenter responded to their query, breaking down that this information could be harmful in the hands of those who discriminate against certain ethnic groups or folks who are prone/prediposed to certain illnesses by virtue of their genetic makeup. “1 single piece of data isn’t worth anything, but it can be worthy for big companies. F.e. to target or deny customers in this case,” the person wrote.
Another said that the implications of how such data could be used against folks are hard to predict, but there may be ways people get crafty with it. “all in all, it is quite literally the most important set of information you possess and we can’t foresee all the ways it could go wrong,” another user wrote.
In 2021, the NCSC published a report about the People’s Republic of China gathering genomic data on American citizens which it acquired “through both legal and illegal means.” The document also states, “While no one begrudges a nation conducting research to improve medical treatments, the PRC’s mass collection of DNA at home has helped it carry out human rights abuses against domestic minority groups and support state surveillance. The PRC’s collection of healthcare data from America poses equally serious risks, not only to the privacy of Americans, but also to the economic and national security of the U.S.”
NPR also reported that the Chinese government closely analyzed and monitored Uyghurs and discriminated against its citizens based on data collection of people’s specific DNA. “Genetic surveillance,” as the outlet puts it, has gone on in China for decades as a purported means of capturing alleged criminals.
More recently, the outlet states, this data collection was then used to distinguish whether or not Chinese citizens were Uyghurs, who were discriminated against by being rounded up into concentration camps where they were forced to endure unspeakable horrors, including sexual assault, forced chemical sterilization, and slave labor, as a result of this genetic surveillance.
The Daily Dot reached out to @that_investor via TikTok comment and 23andMe via email for further information.