Hackers steal personal data of 6.9 million 23andMe customers, including DNA info
12/06/2023 // Cassie B.

After initially claiming on Friday that hackers had accessed personal data belonging to 14,000 of its customers, the genetic testing company 23andMe now admits that the number of affected users is actually far higher, at 6.9 million. This represents nearly half of its customer base, which totals 14 million.

According to a statement by the company, the breach affected 5.5 million 23andMe users who enabled the DNA Relatives feature, which matches members with people whose genetic makeups are similar to their own. Meanwhile, the family trees of a further 1.4 million individuals were accessed.

The cyber attack was carried out using a method known as credential stuffing, which entails logging into a website using account information obtained from previous security breaches. For example, when a website is breached and user passwords are compromised, cyber criminals can make automated, large-scale attempts to log into other websites using the same combinations of username or e-mail address and password. This is why internet users are advised not to reuse the same password across multiple services.

In this case, credential stuffing was used to access the 14,000 users who were initially reported as part of the breach. Once those accounts were accessed, the cyber criminals used the DNA Relatives feature to access information from millions of additional users who shared ancestry with those who were initially compromised.

The company said in a statement: "We do not have any indication that there has been a breach or data security incident within our systems, or that 23andMe was the source of the account credentials used in these attacks."

User information being sold on the dark web

The site's security issues go back to at least October, when the company confirmed that information belonging to its users was being sold on the dark web. Shortly thereafter, it announced it was investigating a hacker's claim to have leaked 4 million genetic profiles from some of the wealthiest individuals in the U.S. as well as Western Europe.

One hacker published what they claimed was the data of a million users of Ashkenazi Jewish descent and 100,000 users with Chinese heritage to prove they had hacked the accounts.

Some of the data that was exposed in the latest attack included display names, the amount of DNA that users share with the individuals matched to them by the system, ancestry reports, people's predicted relationships with other people, ancestor birth locations, profile pictures, family names and self-reported locations.

The company has said that it is currently in the process of notifying all of the users who are affected by the attack. They have also issued warnings to their users to create new passwords. In addition, they have implemented two-step authentication for all users; this extra security measure was optional on the site in the past.

Users should be cautious about sharing information with companies online

Many people are surprised that the company wasn’t already using two-factor authentication and other account protections, and 23andMe has not yet answered questions about whether they anticipated the possibility that a subset of users who do not adhere to cybersecurity best practices could place the personal data of millions of other users at risk.

However, it is also important for people who put this information out there to understand the very real potential for their private data to be breached. These days, the best approach is to assume that any information that is shared with companies online could potentially be stolen and shared with the world. When it comes to DNA tests in particular, however, users should consider just how valuable this type of data is to cyber criminals and proceed accordingly.
