23andMe has verified that hackers gained unauthorized access to the data of 6.9 million users.



Genetic testing company 23andMe has officially confirmed that personal data from approximately 6.9 million users, equivalent to roughly half of its total customer base, was stolen by hackers. The California-based company initially reported last week that hackers had compromised the personal data of 0.1% of its customers, roughly 14,000 individuals. The breach occurred as a result of customers using identical usernames and passwords on 23andMe as on other websites that had been previously compromised.


Hackers used the compromised user accounts (the “Credential Stuffed Accounts”) to access around 5.5 million DNA Relatives profile files. Additionally, approximately 1.4 million customers participating in the DNA Relatives feature had their Family Tree profile information accessed; this information is a limited subset of the DNA Relatives profile details.

In response, a spokesperson from 23andMe informed FOX Business that the company had no evidence of a breach or data security incident within its systems. Furthermore, there was no indication that the company was the origin of the account credentials used in these attacks.


A company spokesperson stated, “To enhance the security of customer data, we have implemented measures such as mandating password resets for all existing customers and enforcing two-step verification for both new and existing customers. Ongoing investments are being made to fortify the protection of our systems and data.”


The latest developments follow the appearance in early October of profile information from certain 23andMe customers on a dark web forum commonly used by hackers. In an official blog post, 23andMe acknowledged that unauthorized access to 23andMe.com accounts may have occurred, with bad actors obtaining information from specific accounts. This included details about users’ DNA Relatives profiles, provided the user had opted into that particular service.

The bad actor did so “in instances where users recycled login credentials — that is, usernames and passwords that were used on 23andMe.com were the same as those used on other websites that have been previously hacked.”
