Notebookcheck Logo

Genetic testing company 23andMe discloses security breach affecting 6.9 million users

Almost 7 million 23andMe users were affected in a recent data breach. (Image via 23andMe w/ edits)
Almost 7 million 23andMe users were affected in a recent data breach. (Image via 23andMe w/ edits)
23andMe, a company known for tracing ancestry via genetic testing, recently closed an investigation into unauthorized access of user accounts. The investigation revealed that roughly 6.9 user accounts were affected in the breach, largely via automatic data sharing features within the platform.

Bad news if you have a 23andMe account: the popular genetics testing company recently reported a massive data breach that affected 6.9 million users of its various services.

The report comes as the conclusion of an ongoing investigation into a data breach discovered in early October. The investigation revealed that over 14,000 user accounts were accessed by unauthorized parties (i.e., hackers).

While this is a relatively small scale breach, a feature that links various accounts across 23andMe's different services allowed the hackers to access the personal data of 6.9 million users. The malicious party accessed the personal data of toughly 5.5 million DNA Relatives profiles and about 1.4 million Family Tree profiles. These profiles share data automatically to match users with potential relations across 23andMe. 

These features exposed a variety of personal identifiers, including users' names, locations, birth years, relations to other users, ancestry reports, and more. 

The hackers gained access to the initial 14,000 accounts via a technique known as "credential stuffing," which occurs when password and usernames from other compromised websites are the same as a targeted website. In other words, the compromised accounts had usernames and passwords that were used on other websites that had prior data breaches. This attack is an important reminder to everyone to use a different username and password for each website. 

23andMe stated that, to the extent the law requires, it will notify existing customers. The platform is also enforcing two-factor authentication (2FA) practices for new and current users. Existing customers will be enrolled in an email verification system for 2FA. 

Buy the Yubico YubiKey 5Ci hardware security key on Amazon.

Source(s)

Read all 1 comments / answer
static version load dynamic
Loading Comments
Comment on this article
Please share our article, every link counts!
Mail Logo
> Expert Reviews and News on Laptops, Smartphones and Tech Innovations > News > News Archive > Newsarchive 2023 12 > Genetic testing company 23andMe discloses security breach affecting 6.9 million users
Sam Medley, 2023-12- 6 (Update: 2023-12- 6)