In a recent announcement, genetic testing company 23andMe revealed that the personal data of approximately 6.9 million users had been stolen by hackers. This staggering number is significantly higher than the initial disclosure of 14,000 individuals affected that was made in early October. The breach primarily targeted users who opted-in to 23andMe’s DNA Relatives feature, which allows for the sharing of genetic information with other customers.
Key Takeaway
Genetic testing company 23andMe has confirmed a significant data breach, exposing the ancestry data of approximately 6.9 million users. The breach primarily affects individuals who opted-in to the DNA Relatives feature, compromising their personal information as well as that of their relatives. The company attributes the breach to customers reusing passwords and urges users to ensure strong and unique passwords to protect their accounts.
The Extent of the Data Breach
According to a spokesperson from 23andMe, the stolen information includes personal details of approximately 5.5 million individuals who opted-in to the DNA Relatives feature. This compromised data consists of names, birth years, relationship labels, the percentage of shared DNA with relatives, ancestry reports, and self-reported locations.
Additionally, another group of about 1.4 million individuals who also opted-in to DNA Relatives had their Family Tree profile information accessed. This data includes display names, relationship labels, birth years, self-reported locations, and sharing preferences.
The company did not provide a reason for not disclosing these additional numbers in their initial disclosure statement.
The Implications for 23andMe Users
This data breach has significant implications for 23andMe’s customer base, as it affects approximately half of their reported 14 million users. The stolen information could potentially be used for fraudulent activities, compromising the privacy and security of those impacted.
It is worth noting that a hacker had previously claimed to have stolen DNA information from 23andMe users. This claim was substantiated by the release of alleged data on a well-known hacking forum.
Upon analyzing the leaked data, it was discovered that some records matched genetic data published online by hobbyists and genealogists. While the formats differed, both sets of information contained certain unique user and generic data, indicating the authenticity of at least some of the stolen 23andMe customer data.
The Cause of the Data Breach
23andMe attributed the data breach to customers reusing passwords, allowing hackers to gain unauthorized access to their accounts. The attackers were able to exploit this vulnerability by using passwords that had been previously exposed in other data breaches.
One of the concerning factors related to this breach is the way DNA Relatives feature functions. By hacking into a single account, the hackers were able to access the personal data of not only the account holder but also their relatives, exponentially increasing the number of affected individuals.
