pixel
Connect with us

News

Hackers make off with ancestry info of 6.9 million 23andMe users

The fallout from the breach is still unfolding, with 23andMe insisting there’s been no data security incident within their systems.

23andme kit
Image: KnowTechie

Just a heads up, if you buy something through our links, we may get a small share of the sale. It’s one of the ways we keep the lights on here. Click here for more.

In a shocking genetic data heist, the personal ancestry data of nearly 7 million 23andMe users found itself in the grubby virtual hands of hackers.

What was initially brushed off as a minor breach of around 14,000 accounts turned out to be a much bigger mess than the genetic testing company could have imagined.

23andMe, the California-based company, had to swallow a bitter pill as it admitted to the gigantic breach.

The hackers, through an old-school technique known as “credential stuffing,” used old passwords to pry open the digital doors of 23andMe.

READ MORE: 23andMe pockets $20M from GSK to share anonymized DNA data

The company’s statement was a masterclass in corporate understatement, saying they “believe” hackers “may have” accessed accounts and “obtained information.” No kidding.

Ironically, it was 23andMe’s own DNA Relatives feature, designed to connect users with their long-lost genetic cousins, that proved to be its Achilles’ heel. This opt-in feature became the gateway for the hackers to access the personal data of about 5.5 million users.

As if that wasn’t enough, another 1.4 million users who had also opted into DNA Relatives had their family tree profiles accessed.

In the aftermath of the breach, the company was left scrambling to control the damage. But the internet’s underbelly was already abuzz. Hackers didn’t waste any time posting a sample of the stolen data on a dark web forum known as BreachForums.

According to TechCrunch, the hackers claimed that the sample contained 1 million data points exclusively about Ashkenazi Jews and hundreds of thousands of Chinese heritage users.

The fallout from the breach is still unfolding, with 23andMe insisting there’s been no data security incident within their systems. But with the data of 6.9 million users now out in the wild, the company might find that stance a little hard to maintain.

As it stands, it’s a grim reminder of the risks inherent in sharing your genetic data online. After all, you can’t change your DNA like you can change a password. And even when it comes to passwords, most of you are just reusing them, which is a huge no-no.

So, what is the moral of the story?

Get a password manager. It’s the best money you’ll ever spend. Looking for the best free password manager? Here, we rounded up all our favorites in this best free password manager roundup.

Have any thoughts on this? Drop us a line below in the comments, or carry the discussion to our Twitter or Facebook.

Editors’ Recommendations:

Follow us on Flipboard, Google News, or Apple News

Kevin is KnowTechie's founder and executive editor. With over 15 years of blogging experience in the tech industry, Kevin has transformed what was once a passion project into a full-blown tech news publication. Shoot him an email at kevin@knowtechie.com or find him on Mastodon or Post.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

More in News