Hackers make off with ancestry info of 6.9 million 23andMe users
The fallout from the breach is still unfolding, with 23andMe insisting there’s been no data security incident within their systems.
In a shocking genetic data heist, the personal ancestry data of nearly 7 million 23andMe users found itself in the grubby virtual hands of hackers.
What was initially brushed off as a minor breach of around 14,000 accounts turned out to be a much bigger mess than the genetic testing company could have imagined.
23andMe, the California-based company, had to swallow a bitter pill as it admitted to the gigantic breach.
The hackers used an old-school technique known as “credential stuffing,” trying old passwords that users had reused to pry open the digital doors of 23andMe accounts.
The company’s statement was a masterclass in corporate understatement, saying they “believe” hackers “may have” accessed accounts and “obtained information.” No kidding.
Ironically, it was 23andMe’s own DNA Relatives feature, designed to connect users with their long-lost genetic cousins, that proved to be its Achilles’ heel. This opt-in feature became the gateway for the hackers to access the personal data of about 5.5 million users.
As if that wasn’t enough, another 1.4 million users who had also opted into DNA Relatives had their family tree profiles accessed.
In the aftermath of the breach, the company was left scrambling to control the damage. But the internet’s underbelly was already abuzz. Hackers didn’t waste any time posting a sample of the stolen data on a dark web forum known as BreachForums.
According to TechCrunch, the hackers claimed that the sample contained 1 million data points exclusively about Ashkenazi Jews, along with data on hundreds of thousands of users of Chinese heritage.
The fallout from the breach is still unfolding, with 23andMe insisting there’s been no data security incident within their systems. But with the data of 6.9 million users now out in the wild, the company might find that stance a little hard to maintain.
As it stands, it’s a grim reminder of the risks inherent in sharing your genetic data online. After all, you can’t change your DNA like you can change a password. And even when it comes to passwords, most of you are just reusing them, which is a huge no-no.
So, what is the moral of the story?
Get a password manager. It’s the best money you’ll ever spend.