23andMe, the world’s leading consumer DNA collection organization, announced in a statement that hackers stole the DNA information of approximately 14,000 people, as well as a “significant number of files” about other users. But this definition of “significant number” may be much more important than it first appears. 23andMe lost the data of approximately 6.9 million users, including people’s genetic information, TechCrunch reported. So, we could be looking at a number thousands of times higher than the initial number the company reported.
A 23andMe spokesperson said in an email that hackers had extracted data from approximately 5.5 million users who had enabled the company’s “DNA Relatives” feature, including the person’s name, birth year, relationship tags, percentage of DNA users shared with relatives, ancestry reports and location. confirmed that it stole data. “Family Tree profile information of 1.4 million people registered with DNA Relatives was also accessed.”
The stolen data could also include ancestry reports and matching DNA segments (specifically where they and their relatives have matching DNA on their chromosomes), ancestral birthplaces and family names, profile pictures and anything included in the “Introduce yourself” section of users’ profiles, the spokesperson said. . All of this means that 23andMe has lost control of the data of nearly half of its 14 million users, not the 0.1% it specifically stated in its filing with the Securities and Exchange Commission.
DNA Relatives is just one of many data-sharing features the platform offers users when they sign up for a 23andMe account. A 23andMe spokesperson said the attack was a credential stuffing attack, meaning hackers gained access to individual accounts using usernames and passwords that people reused when signing up for 23andMe. Although it is possible for companies to use defense methods against such attacks, unfortunately users risk being the target of such attacks by using the same password and username in more than one place.
“We would like to point out that we have no indication that there has been a breach or data security incident of our systems or that 23andMe was the source of the account information used in these attacks,” the spokesperson says.
54295
