OpenSNP, a large open source repository for user-uploaded genetic data, will shut down and delete all of its data at the end of April, co-founder Bastian Greshake Tzovaras has confirmed.
In a blog post, openSNP’s Greshake Tzovaras attributed the decision to shutter the site due to concerns of data privacy following the financial collapse of 23andMe and the rise in authoritarian governments around the world.
Founded in 2011 by Greshake Tzovaras, along with Philipp Bayer and Helge Rausch, openSNP became an open and public repository for customers of commercial genetic testing kits, including 23andMe, to upload their test results and find others with similar genetic variations. The site had close to 13,000 users at the time of its closure announcement, making it one of the largest public repositories of genetic data. Since its founding, openSNP has touted its contributions to academic and scientific research, and identified more than 7,500 genomes.
News of openSNP’s shutdown comes in the wake of 23andMe filing for bankruptcy protection, intensifying concerns that the company’s vast banks of customers’ sensitive genetic data will be sold to the highest bidder, who may not adhere to 23andMe’s privacy commitments. The attorneys general for the states of California and New York, among others, have warned 23andMe customers to delete their data ahead of the court-approved selloff later this year.
Greshake Tzovaras also said a contributing factor in shutting down openSNP was the “rise in far-right and other authoritarian governments,” citing the removal of public data from the U.S. government’s websites soon after President Trump returned to power.
“The risk/benefit calculus of providing free and open access to individual genetic data in 2025 is very different compared to 14 years ago,” wrote Greshake Tzovaras. “Sunsetting openSNP — along with deleting the data stored within it — feels like it is the most responsible act of stewardship for these data today.”
When reached by TechCrunch, Greshake Tzovaras was blunt in his decision to shut down openSNP now and not sooner.
“The ‘why now’ to me is ultimately down to there being what counts for a fascist coup in the U.S.,” Greshake Tzovaras told TechCrunch, a native of Germany.
“Seeing people being disappeared from the streets under the most dubious pretexts really can’t be called anything else,” he said, referring to the recent reports of people living in the United States, including U.S. citizens, who have been arrested in immigration raids, some whose whereabouts remain unknown.
Greshake Tzovaras said the “wholesale dismantling of scientific institutions and science itself” since January — the beginning of the second Trump administration — was a factor in the shutdown of openSNP.
“I don’t think it’s a stretch to worry about how genetic data might be soon abused to make false claims about a variety of topics, effectively bringing back a darker eugenics age,” he said.
Greshake Tzovaras said openSNP has “always been a balancing act” between its potential uses and risks, and that the site’s existence has been an “ongoing thought of whether the benefits can outweigh the risks.”
In one historical example he gave — when law enforcement used genetic data from genealogy site GEDmatch in 2018 to identify a notorious serial killer — Greshake Tzovaras said openSNP seemed at the time like it was less relevant or at risk for use by law enforcement compared to larger ancestry-specific databases. (Greshake Tzovaras confirmed to TechCrunch that notwithstanding the open and public nature of the data it stores, openSNP has never received a law enforcement request for any genetic or user data.)
Greshake Tzovaras said that compared to the first Trump administration, “the misuse of science was both qualitatively and quantitatively very different than what we see today.”
“Alongside the larger conversation about the impact of genetic data in the context of 23andMe’s bankruptcy, we decided that it’s time to pull the plug,” Greshake Tzovaras told TechCrunch.
Greshake Tzovaras also told TechCrunch that on a positive reflection, keeping openSNP running for 14 years may be his “biggest achievement.” He said openSNP ran on about $100 per month, in the face of commercial startups that have worked to monetize people’s data yet ultimately failed. Greshake Tzovaras said that in that sense, openSNP “feels like a testament to the power of open source/culture.”
The site has also contributed to research and publications “across a wide range of disciplines — from infosec/privacy all the way to biomedical studies,” said Greshake Tzovaras. Many undergraduates also benefited from having access to real-world data hosted by openSNP, he said.
“In that sense, I think our hope of ‘democratizing’ access to genomics was at least partially successful,” said Greshake Tzovaras.
Updated to amend the name of openSNP’s name throughout.
Keep reading the article on Tech Crunch
Are you willing to hack and take control of Chinese websites for a random person for up to $100,000 a month?
Someone is making precisely that tantalizing, bizarre, and clearly sketchy job offer. The person is using what looks like a series of fake accounts with avatars displaying photos of attractive women and sliding into the direct messages of several cybersecurity professionals and researchers on X in the last couple of weeks.
“We are recruiting webshell engineers and teams to penetrate Chinese websites worldwide, with a monthly salary of up to $100,000. If you are interested, you can join our channel first,” read the message, which included a link to a Telegram channel.
For some reason, I also received this message from an X account named “Look at my homepage,” which had a username, @JerelLayce88010, that looked like it was randomly generated.
When I followed the link, I was able to see the admin of the channel, someone who goes by the name “Jack” and has an AI-generated avatar of a pirate.
“Are you proficient in penetration technology?” Jack asked me.
I am not, but I asked Jack to tell me more about their goals.
“Get webshells from Chinese registered domains. There is no specific target. As long as the domain is registered in China, it is our target range,” said Jack, referring to web shells, programs or scripts that hackers can use to control hacked web servers. “You need to understand China’s CMS” — referring to content management systems, the software that runs the backends of websites — “find loopholes, and be able to obtain webshells in batches. There is no upper limit to the number we need. The more the better. This is a long-term job. We can establish long-term cooperation.”
Yes, but crucially, why?
“What I need is China’s traffic,” Jack said, perhaps losing patience with my questions.
OK, but for what?
At this point, Jack definitely got tired of my questions and gave me an assignment: Get me three web shells on any domain registered in China so I know you have the skills. Generously, Jack offered me $100 for each hacked domain.
Alas, I still don’t have the skills to do that, nor the willingness to break the law. Instead I kept asking questions, including who Jack was working for. “Indian government,” Jack responded, although in a subsequent chat Jack contradicted that, blaming automatic translation, which they said they were using because Chinese is their first language.
I spoke to some of the researchers who got Jack’s strange job offer, and they were also puzzled. Nobody said they have gotten a malicious link, for example, or suspicious questions that would indicate some sort of doxing or scam campaign.
“I am guessing it’s a troll [rather] than some serious threat actor,” said s1r1us, a security researcher who received a DM from one of Jack’s sockpuppet accounts on X. “If they want to hire top talent this is not definitely the way.”
The Grugq, a well-known cybersecurity expert, told TechCrunch that he has never seen anything like this recruiting campaign. “I have seen [people] asking dumb questions and spamming for various cybersecurity-related things,” he said. “But never anything like the persistent, widespread, bizarre s— from this guy.”
According to The Grugq, perhaps the goal is to infect people inside China with malware, as it doesn’t make sense to use Chinese domains to launch DDoS attacks or spam, because that wouldn’t justify the high payment.
“I really can’t think of wtf they’re doing,” The Grugq concluded. “It makes no sense.”
And neither can anyone else, apparently. Godspeed, Jack, in whatever adventure you are embarking on.
Keep reading the article on Tech Crunch
Xiaofeng Wang, a longtime computer science professor at Indiana University, has disappeared along with his wife, and their profiles on the school’s website were wiped ahead of recent FBI raids.
Tech giant Oracle is facing criticism for how it’s handling two seemingly separate data breaches.
At least one of the incidents appears to still be unfolding, despite Oracle reportedly denying a breach at all. The other relates to a breach of patient data under the tech giant’s healthcare subsidiary, Oracle Health.
Oracle did not respond to TechCrunch’s request for comment about the two incidents.
The breach disclosed most recently involves Oracle Health, which provides hospitals and other healthcare providers with technology to access health records online. Oracle Health is a unit that was combined with Cerner, an electronic health records company that Oracle acquired in 2022 for $28 billion.
Bloomberg and Bleeping Computer reported last week that the breach affects patient data, although it’s unclear exactly what kinds of data were stolen, nor which organizations and companies that use Oracle Health are affected.
Oracle notified some of its healthcare customers in March of a breach that happened sometime earlier this year, in which hackers accessed Oracle servers and stole patient data, according to the publications.
Do you have more information about these two Oracle breaches? From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email. You also can contact TechCrunch via SecureDrop.
“We are writing to inform you that, on or around February 20, 2025, we became aware of a cybersecurity event involving unauthorized access to some amount of your Cerner data that was on an old legacy server not yet migrated to the Oracle Cloud,” read the notification sent to some Oracle Health customers, according to Bleeping Computer.
Citing multiple sources, the news site reported that a hacker is trying to extort affected hospitals, reportedly demanding millions of dollars.
An Oracle employee, who asked to remain anonymous, as they were not authorized to speak to the press, told TechCrunch that the company hasn’t been very transparent even with its own employees.
“My team was not able to access customers’ environments for a number of days. My concern is not just with patient data breach. Access through hosts allows any and all access to what is hosted, obviously,” said the employee. “Some customers host other applications like HR and finance. I don’t know if it was hacker[-]accessed though.”
The employee said they had to look at Reddit and internal Slack channels “to even figure out something was being looked at.”
The employee said they “felt super ignored,” describing the situation as: “Nothing to see here, move right along.”
The employee, however, also said that they saw on Slack that some teams were given language to communicate with clients on March 4: “We will investigate the issue you are experiencing.”
The other separate breach involves Oracle Cloud servers. And in this case, too, Oracle is not being very transparent about what happened.
Earlier this month, a hacker going by the online handle rose87168 posted on a cybercrime forum offering the data of 6 million Oracle Cloud customers, including authentication data and encrypted passwords, as Bleeping Computer reported at the time.
To prove that they breached Oracle, rose87168 uploaded a text file containing their online handle that was hosted on an Oracle Cloud server.
Since, several Oracle customers have confirmed that data samples shared by the hacker appear genuine, pointing to further evidence of a breach at Oracle.
Strangely, Oracle denied that there was a breach at all.
“There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data,” Oracle told the publication.
But not everyone is convinced.
“This is a serious cybersecurity incident which impacts customers, in a platform managed by Oracle,” cybersecurity expert Kevin Beaumont wrote in a blog post analyzing the alleged Oracle Cloud breach. “Oracle are attempting to wordsmith statements around Oracle Cloud and use very specific words to avoid responsibility. This is not okay.”
“Oracle need to clearly, openly and publicly communicate what happened, how it impacts customers, and what they’re doing about it. This is a matter of trust and responsibility. Step up, Oracle — or customers should start stepping off,” said Beaumont.
Commenting on one of the alleged Oracle breaches, cybersecurity expert Lisa Forte wrote on Bluesky that “if this ends up being true, and I struggle to see how it won’t, this is a very very bad look.”
Keep reading the article on Tech Crunch
API testing firm APIsec has confirmed it secured an exposed internal database containing customer data, which was connected to the internet for several days without a password.
The exposed APIsec database stored records dating back to 2018, including names and email addresses of its customers’ employees and users, as well as details about the security posture of APIsec’s corporate customers.
Much of the data was generated by APIsec as it monitors its customers’ APIs for security weaknesses, according to UpGuard, the security research firm that found the database.
UpGuard found the leaked data on March 5 and notified APIsec the same day. APIsec secured the database soon after.
APIsec, which claims to have worked with Fortune 500 companies, bills itself as a company that tests APIs for its various customers. APIs allow two things or more on the internet to communicate with each other, such as a company’s back-end systems with users accessing its app and website. Insecure APIs can be exploited to siphon sensitive data from a company’s systems.
In a now-published report, which was shared with TechCrunch prior to its release, UpGuard said the exposed data included information about attack surfaces of APIsec’s customers, such as details about whether multi-factor authentication was enabled on a customer’s account. UpGuard said this information could provide useful technical intelligence to a malicious adversary.
When reached for comment by TechCrunch, APIsec founder Faizel Lakhani initially downplayed the security lapse, saying that the database contained “test data” that APIsec uses to test and debug its product. Lakhani added that the database was “not our production database” and “no customer data was in the database.” Lakhani confirmed that the exposure was due to “human mistake,” and not a malicious incident.
“We quickly closed public access. The data in the database is not usable,” said Lakhani.
But UpGuard said it found evidence of information in the database relating to real-world corporate customers of APIsec, including the results of scans from its customers’ API endpoints for security issues.
The data also included some personal information of its customers’ employees and users, including names and email addresses, UpGuard said.
Lakhani backtracked when TechCrunch provided the company with evidence of leaked customer data. In a later email, the founder said the company completed an investigation on the day of UpGuard’s report and “went back and redid the investigation again this week.”
Lakhani said the company subsequently notified customers whose personal information was in the database that was publicly accessible. Lakhani would not provide TechCrunch, when asked, a copy of the data breach notice that the company allegedly sent to customers.
Lakhani declined to comment further when asked if the company plans to notify state attorneys general as required by data breach notification laws.
UpGuard also found a set of private keys for AWS and credentials for a Slack account and GitHub account in the dataset, but the researchers could not determine if the credentials were active, as using the credentials without permission would be unlawful. APIsec said the keys belonged to a former employee who left the company two years ago and were disabled upon their departure. It’s not clear why the AWS keys were left in the database.
Keep reading the article on Tech Crunch
An unsecured database used by a generative AI app revealed prompts and tens of thousands of explicit images—some of which are likely illegal. The company deleted its websites after WIRED reached out.