
23andMe Confirms Hackers Stole Ancestry Data on 6.9 Million Users

23andMe confirms hackers stole ancestry data from 6.9 million users. Personal details, birth years, locations, and relationship labels compromised. This breach highlights the risks of genetic testing services.


Mr. Roboto

12/5/2023

In a recent announcement, genetic testing company 23andMe confirmed that hackers have stolen the ancestry data of approximately 6.9 million users. After initially disclosing a breach that impacted 14,000 individuals, the company has now revealed the true extent of the data breach, which affects a significant number of users who had opted in to sharing their DNA relatives' information. The stolen data includes personal details such as names, birth years, relationship labels, and self-reported locations. This incident highlights the vulnerability of personal data and the potential risks associated with genetic testing services.


Overview

Recently, genetic testing company 23andMe made a troubling announcement regarding a data breach that has affected a significant number of its users. Hackers were able to access the personal information of approximately 6.9 million individuals, making this one of the most significant breaches in the company's history.

Number of Affected Users

Out of 23andMe's reported 14 million customers, around 6.9 million individuals have been impacted by this data breach. This equates to nearly half of the company's customer base, highlighting the severity and scale of the incident. The breach affected not only those who directly opted in to certain features but also others indirectly.

Types of Data Stolen

The data stolen in this breach includes personal information, such as names, birth years, relationship labels, and the percentage of DNA shared with relatives. Additionally, ancestry reports and self-reported locations were compromised. For those who had opted in to the DNA Relatives feature, this breach also involved access to family tree profile information, including display names, birth years, and self-reported locations.

Additional Groups Impacted

There are two additional groups of users who were impacted by this data breach. The first group consists of individuals who opted in to the DNA Relatives feature, which allows for the automatic sharing of data with others. The second group includes those whose family tree profiles were accessed, regardless of whether they had opted in or not. The breach had a far-reaching effect on these groups, significantly expanding the number of affected individuals beyond the originally reported 14,000.

Disclosure of Numbers

Upon initially disclosing the data breach in early October, 23andMe failed to provide the full extent of the impact. While they did admit that the breach affected a significant number of users, they did not provide precise figures. This lack of transparency generated backlash and raised concerns among those who were potentially affected. It is important for companies to promptly disclose the scope of such incidents to properly inform and protect their users.

Scope of the Data Breach

With approximately 6.9 million users affected, this breach has had a significant impact on a large proportion of 23andMe's customer base. Furthermore, this breach aligns with previous claims made by a hacker on a well-known hacking forum, who had advertised stolen DNA information of 23andMe users. This suggests that multiple breaches may have occurred, further compounding the potential damage caused by unauthorized access to sensitive genetic and personal data.

Hacker's Claims

The hacker responsible for this breach made several claims regarding their activity. They disclosed that they had stolen the DNA information of 23andMe users, specifically targeting individuals of Jewish Ashkenazi descent and Chinese users. The hacker offered to sell this data on the hacking forum, with prices ranging from $1 to $10 per individual account. Subsequent claims from additional hackers and the discovery of leaked data supported the authenticity of the breach.

Evidence of Authenticity

In an effort to verify the authenticity of the leaked data, TechCrunch analyzed the information and discovered similarities between the leaked genetic data and data published online by hobbyists and genealogists. While the formats differed, some unique user and genetic data overlapped, suggesting that at least a portion of the leaked data was authentic 23andMe customer information. This evidence supports the fact that unauthorized access to sensitive data occurred during the breach.

Cause of Data Breach

According to 23andMe, the data breach was caused by customers reusing passwords on multiple platforms. This practice allowed the hackers to exploit publicly known passwords released in previous data breaches from other companies. By gaining access to one individual's account through this form of brute-force login attempt, known as credential stuffing, the hackers were able to access not only the victim's personal data but also the data of their relatives. This method expanded the total number of individuals affected by the breach.

Impact on Relatives

The DNA Relatives feature offered by 23andMe played a significant role in magnifying the impact of this data breach. By hacking into one individual's account, the hackers were able to access personal data not only for the account holder but also their relatives. This exposed a much larger pool of individuals to potential privacy risks and compromised their sensitive genetic and personal information.
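The two mechanisms described above, password reuse and relative sharing, can be seen together in a small defender-side sketch. This is an added example, not code from 23andMe or from the original article: the login events, sharing graph, function names and thresholds are all constructed assumptions. It flags sources that try many distinct accounts with a low success rate, then counts how many profiles each compromised account exposes.

```python
from collections import defaultdict

# Constructed sample login events: (source_ip, account, login_succeeded)
EVENTS = [
    ("203.0.113.7", "alice", False),
    ("203.0.113.7", "bob", False),
    ("203.0.113.7", "carol", True),   # reused password worked
    ("203.0.113.7", "dave", False),
    ("203.0.113.7", "erin", False),
    ("198.51.100.4", "frank", False),  # one user mistyping, then succeeding
    ("198.51.100.4", "frank", True),
    ("192.0.2.9", "grace", True),
]

# Constructed opt-in sharing graph: account -> profiles visible from it
SHARES = {
    "carol": {"c1", "c2", "c3", "erin"},
    "frank": {"f1"},
    "grace": {"g1", "g2"},
}

def stuffing_sources(events, min_accounts=4, max_success_rate=0.5):
    """Flag sources that try many distinct accounts and mostly fail.
    Thresholds are illustrative assumptions, not tuned values."""
    accounts = defaultdict(set)
    attempts = defaultdict(int)
    successes = defaultdict(int)
    for ip, account, ok in events:
        accounts[ip].add(account)
        attempts[ip] += 1
        successes[ip] += int(ok)
    return {
        ip for ip in accounts
        if len(accounts[ip]) >= min_accounts
        and successes[ip] / attempts[ip] <= max_success_rate
    }

def compromised_accounts(events, flagged):
    """Accounts that a flagged source logged in to successfully."""
    return {acct for ip, acct, ok in events if ok and ip in flagged}

def exposed_profiles(compromised, shares):
    """Compromised accounts plus every profile shared with them."""
    exposed = set(compromised)
    for acct in compromised:
        exposed |= shares.get(acct, set())
    return exposed

if __name__ == "__main__":
    flagged = stuffing_sources(EVENTS)
    hit = compromised_accounts(EVENTS, flagged)
    print(flagged, hit, len(exposed_profiles(hit, SHARES)))
```

One successful login here exposes five profiles, the same amplification that turned roughly 14,000 accessed accounts into 6.9 million affected users.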

In conclusion, the data breach experienced by 23andMe has had significant implications for its user base, impacting approximately 6.9 million individuals. The theft of personal and genetic information, along with the exposure of family tree profiles, raises concerns about privacy and the security of sensitive data. Companies must prioritize transparency and take necessary precautions to safeguard user information to prevent such breaches in the future.
