Friday, September 20, 2024

Over 6.9 Million Users' Profiles Breached at 23andMe



Hackers recently breached the personal information of approximately 6.9 million users of genetic testing company 23andMe by exploiting users' old passwords. The breach gave the hackers access to various details, including family trees, birth years, and geographic locations, but DNA records remained untouched. Approximately half of the company's customers were affected.

23andMe, a prominent figure in the ancestor-tracing industry, offers genetic testing services that provide ancestry breakdowns and personalized health insights based on DNA analysis. The breach did not occur within the company's systems; rather, cyber-criminals gained entry to roughly 0.1% of customers' accounts using email and password combinations previously exposed in other hacks. By infiltrating these accounts, the hackers were able to access numerous files containing profile information about other users' genealogy. The stolen data also contained sensitive details such as names, birth years, locations, pictures, addresses, and the percentage of DNA shared among relatives. The breach further allowed access to the family tree profile information of an additional 1.4 million customers involved in the DNA Relatives feature, which included display names and relationship labels.

One of the data batches advertised on a hacking forum was labeled as a list of individuals with Jewish ancestry, causing concerns about targeted attacks. However, there is no evidence as yet that any of the advertised datasets have been purchased or used by criminals.

Oz Alashe, CEO of CybSafe, emphasized that this breach underscores the significance of improving cybersecurity practices among the general population. He noted that poorly secured accounts with weak passwords and the absence of two-factor authentication pose risks to individuals sharing their sensitive data.

23andMe confirmed that it will inform all affected users as required by law, and customers will be compelled to change their passwords and enhance their account security measures.