Genetic testing firm 23andMe has acknowledged a security breach in which hackers accessed the DNA data of nearly 7 million users. The breach, which occurred in early October, compromised personal data and exposed a substantial number of files containing users’ ancestry information.

23andMe Breach Exposed 7 Million Users

In a recent regulatory filing, 23andMe disclosed that the breach affected approximately 0.1% of its customers, or around 14,000 individuals. However, the company later confirmed to TechCrunch that the true scale of the breach extended to 6.9 million users, underlining how vulnerable genetic information is once it reaches malicious actors. The attackers claimed that the exposed information covered individuals from the United Kingdom and notably included some of the “wealthiest people living in the US and western Europe”.

When the company first disclosed the breach, it said the likely cause was customers reusing passwords. Ronnie Tokazowski, a longtime researcher of digital scams, said, “It just comes down to the fact that humans reuse their passwords – that’s what makes it possible. The fact that it’s claiming to target a Jewish population or celebrities – it’s not shocking. It reflects the underbelly of the internet.”

List of Exploited Features

The breach exploited the opt-in feature that lets DNA-related relatives connect with one another, revealing genetic data and compromising family tree profile information for an additional 1.4 million users. This included sensitive details such as names, relationship labels, birth years, and self-reported locations. The lapse exposed both genetic and genealogical data, underscoring the multifaceted nature of the attack.

The cybercriminals began selling 23andMe profiles, pricing each account at between $1 and $10. The data offered for sale disclosed specific details of genetic ancestry results, including categories such as “broadly European” or “broadly Arabian.” The hackers also publicly disclosed 23andMe user information, encompassing 4 million user records.
