23andMe, the popular DNA testing company that allows consumers to connect with relatives and learn more about their genetic health makeup, is coming under fire for a data breach that affects nearly seven million users.
In October, 23andMe made headlines after hackers targeted users with Ashkenazi Jewish and Chinese ancestry. At the time, the company didn’t call that incident a data breach, but it opened an investigation in order to better serve its users and protect their personal information.
Now, the company is confirming that hackers have accessed data from nearly half of its 14 million users. 23andMe has a great deal of consumers’ personal information, and this data breach is wide-reaching.
Who is affected?
Katie Watson, a spokesperson for 23andMe, told TechCrunch that there were two primary groups of users whose data has been compromised as a result of this hack.
The first consists of 5.5 million people who opted into 23andMe’s DNA Relatives feature. The second consists of another 1.4 million people who opted into the DNA Relatives feature and also had information from their Family Tree profiles accessed.
The DNA Relatives feature is designed to connect relatives through 23andMe’s platform. While the basics of the DNA report are easily viewable in the Relatives feature, the goal of this feature is to give relatives the opportunity to connect.
This means a lot of personal information is available there, including self-reported location, name, birth year, relationship labels, ancestry reports, and percentage of DNA shared with relatives.
With the data breach, all of that information – which is also available in the Family Tree – is no longer private or secure behind the 23andMe system.
How did the breach happen?
At the time of the original data breach in October, 23andMe reported that hackers were able to get into users' accounts because their passwords weren’t unique or strong enough.
A common practice among hackers is to hold onto passwords from previous data breaches and try them when new hacking opportunities present themselves. This worked to unlock a portion of users' accounts on 23andMe.
On top of that, users who opt in for the Relatives feature tend to have lighter security measures on their accounts, and more of their personal information is easily visible.
This made it easier for the hackers to expand the scope of the data theft. Once they were able to access one user’s account, they could easily get to that user’s relatives and start stealing their personal information, too.
What to do now
Per 23andMe’s blog post regarding this incident, the investigation is over, and the company will be contacting users who may be involved in the data breach.
The post says that the company is mandating two-step verification for all users, new and old, to enhance security. They are also requiring all customers to change their passwords to ensure their information stays private.
Posted: 2023-12-05 11:59:58