DNA testing firm reveals data of 6.9m people hacked
The hack affected millions of people using a feature to find potential family members
(Web Desk) - Home DNA testing company 23andMe has confirmed that 6.9 million people — or about half its purported customer base of 14 million people — had information stolen during an October hack.
The breach affected customers who had opted in to the services' DNA Relatives feature, which enables people to find potential family members through their DNA, the company confirmed.
In a filing on Friday with the Securities and Exchange Commission, 23andMe stated 0.1% of its customers' accounts were accessed in the October attack.
A 23andMe spokesperson confirmed for The Messenger that "we have determined that the threat actor was able to access a very small percentage (0.1%) of user accounts (14,000) in instances where usernames and passwords that were used on the 23andMe website were the same as those used on other websites that had been previously compromised or were otherwise available."
Through these accounts, the attackers were then able to access some information about other users connected to these accounts through the service's DNA Relatives feature.
If a customer opts in to the DNA Relatives feature, then certain information is automatically shared with potential relatives, so the smaller pool of targeted accounts allowed the hackers to access many other users' data including peoples' names, birth years, ancestry information and their self-reported locations.
23andMe told The Messenger that the attackers accessed approximately 5.5 million people's DNA Relatives profiles, which can include ancestry information and DNA matching data, and that another 1.4 million people who had opted in to the DNA Relatives feature had their Family Tree profiles accessed, which does not include ancestry information or DNA matching information.