Genetic testing company 23andMe recently provided more information regarding a data breach that occurred in October. At that time, attackers managed to breach some user accounts and scrape personal data through the company’s opt-in, social sharing service called DNA Relatives. Initially, 23andMe did not disclose the number of affected users, but it was later discovered that hackers were selling data on underground forums, indicating that at least one million users’ data had been compromised.
However, in a recent filing with the US Securities and Exchange Commission, 23andMe announced that approximately 0.1% of user accounts, equivalent to about 14,000 users, had been accessed. This number does not include the users impacted by the attacker’s data-scraping from DNA Relatives, which involved a “significant number” of files containing profile information.
According to 23andMe, the attackers collected the personal data of about 5.5 million individuals who had opted into DNA Relatives. Data from an additional 1.4 million users who had their Family Tree profiles accessed was also compromised. The hackers stole various types of information from the group of 5.5 million users, including display names, login credentials, relationship labels, predicted relationships, and the percentage of DNA shared with DNA Relatives matches. In some cases, additional data was also obtained.
The smaller subset of 1.4 million affected DNA Relatives users had specific data compromised from their “Family Tree” profiles. This included display names, relationship labels, birth years, and self-reported location data.
Although the SEC filing did not include this expanded information, a company spokesperson assured the public that they are providing more specific numbers. 23andMe continues to investigate the breach and has taken steps to enhance its security measures. It has also informed the affected users and advised them to update their passwords and remain vigilant against potential phishing attempts.
In light of this breach, 23andMe has been criticized for the vulnerability of its security measures and the potential risk to user privacy. The incident serves as a reminder of the importance of strong security protocols and the need for users to regularly update their passwords and exercise caution when sharing personal information online.