Genetic testing company 23andMe has taken precautionary measures to protect its users in the wake of a data leak incident. The company has requested all users to reset their passwords after it was revealed that hackers had obtained certain users’ data. While 23andMe has not classified the incident as a data breach, it confirmed that hackers had accessed accounts using passwords that were not unique to the service.
Key Takeaway
Amid concerns of a potential breach, 23andMe has taken decisive action by resetting user passwords and prioritizing the use of multi-factor authentication. The incident underscores the importance of unique passwords and proactive security measures in safeguarding personal data.
Details of the Incident
The data leak came to light after hackers advertised an alleged sample of 23andMe user data on a hacking forum. The sample reportedly contained the personal information of one million users of Jewish Ashkenazi descent and claimed to have the data of 100,000 Chinese users as well. The hackers were attempting to sell individual profiles for prices ranging from $1 to $10.
According to 23andMe, the compromised data was “compiled” from users who had opted into the DNA Relatives feature, which allows for the automatic sharing of data among users. This meant that a single account breach could potentially expose the data of multiple users who had chosen to participate in this feature.
Protective Measures Taken by 23andMe
23andMe has responded swiftly to the incident by requiring all users to reset their passwords. In addition, the company is actively encouraging the use of multi-factor authentication to enhance account security. It emphasizes that there is currently no evidence to suggest a data security incident within their systems or that 23andMe was the source of the compromised account credentials.
User Reactions
An anonymous 23andMe user, who has been a beta tester since 2012, expressed disappointment over the incident, stating that while 23andMe is a “cool product,” the breach was saddening considering the vast amount of personal information the company possesses. Other users reported receiving a message requesting a password reset upon attempting to log in to their accounts, indicating that the reset process is ongoing.