News
23andMe urges users to change passwords after major data breach
The cherry on top? The hacker started selling data profiles in bulk
Just a heads up, if you buy something through our links, we may get a small share of the sale. It’s one of the ways we keep the lights on here. Click here for more.
Well, folks, it looks like 23andMe has gone and gotten themselves hacked.
Yep, the DNA testing company that’s been helping people dig into their ancestry got their user data dumped onto hacker forums. Not great!
Let’s break down 23andMe’s recent data breach.
According to this BleepingComputer report, the breach was a result of a credential-stuffing attack. For those not in the know, this is when hackers take stolen usernames and passwords from one platform and try their luck on another.
In this case, the unlucky platform was 23andMe.
And folks, the fallout ain’t pretty. We’re talking full names, profile photos, genetic ancestry results, birth dates, and geographical locations exposed.
The cherry on top? The hacker started selling data profiles in bulk. Talk about a yard sale gone wrong.
23andMe Responds, but it’s on you to protect yourself
Now, 23andMe was quick to jump into damage control mode. They assured users that their internal systems were as secure as Fort Knox.
According to their statement, the login credentials used were gathered by the hacker from data leaked during other incidents. This basically means if you’re using the same password for your email, Netflix, and 23andMe accounts, you might be in trouble.
We do not have any indication at this time that there has been a data security incident within our systems. Rather, the preliminary results of this investigation suggest that the login credentials used in these access attempts may have been gathered by a threat actor from data leaked during incidents involving other online platforms where users have recycled login credentials.
We believe that the threat actor may have then, in violation of our terms of service, accessed 23andme.com accounts without authorization and obtained information from those accounts. We are taking this issue seriously and will continue our investigation to confirm these preliminary results.
What can 23andMe users do?
So what’s a 23andMe user to do in this situation? Here are a few tips:
- Keep an eye on your accounts for any unusual activity. If your DNA results suddenly show you’re related to the Queen of England, you might want to flag that.
- Report any suspicious behavior to 23andMe immediately.
- Stop reusing passwords! It’s like using the same key for your house, car, and safety deposit box. Not a good idea, right?
- Use strong, unique passwords for every online account you have. Yes, it’s a pain to remember them all, but that’s what password managers are for.
This breach is an unfortunate reminder that you need to take cybersecurity seriously. Companies can’t fully protect your data – it’s on you to adopt safe practices like unique passwords.
READ MORE: Best free password managers
Hackers don’t care if you’re some rando or a Fortune 500 biz – they’re coming for those sweet, sweet user deets.
So listen up, people: you gotta start taking online security seriously and stop using “password123” for everything. Actually, don’t take it seriously because that sounds boring.
Take it seriously. Like, go full-on paranoid. Assume there’s a hacker peeking through your webcam at all times. Because at the end of the day, an ounce of breach prevention is worth a pound of credit freeze.
Have any thoughts on this? Drop us a line below in the comments, or carry the discussion to our Twitter or Facebook.
Editors’ Recommendations:
- Twitter data breach exposes millions of email addresses
- LastPass reports new data breach but there’s no cause for panic
- Hate passwords? Get 3 free months of Dashlane Premium
- Netflix’s password shakedown begins now, $8 per user
Follow us on Flipboard, Google News, or Apple News
