23andMe Confirm Hackers Have Access To Data On 6.9M Users

Hackers have got access and stole personal data belonging to 6.9 million people who used services from the genetic testing company 23andMe first reported in October. Now, the company has disclosed, that by accessing those accounts, hackers were also able to access “a significant number of files containing profile information about other users’ ancestry.” 

The stolen data included the person’s name, birth year, relationship labels, the percentage of DNA shared with relatives, ancestry reports and self-reported location.

As proof that they stole the personal data, hackers published an initial sample of 1 million data points about users with Ashkenazi Jewish heritage, including people’s full names, birth years, location information and more. They also reportedly published a separate sample with information about more than 300,000 users with Chinese heritage.

The hackers gained access to some customer accounts through reused passwords and then were able to access 14,000 accounts, less than 0.1 per cent of the user base, using these usernames and passwords that had previously been leaked. Using this, the hackers were able to access information from millions more accounts through 23andMe’s DNA Relatives and Family Tree features, which allow users to share information with other users they are genetically linked to.

23andMe has not disclosed how many “other users” were impacted by the breach that was originally disclosed in October.  However, there were a lot of “other users” who were victims of this data breach and at least 6.9 million individuals were affected in total.

23andMe has confirmed that another group of about 1.4 million people who opted-in to DNA Relatives also “had their Family Tree profile information accessed,” which includes display names, relationship labels, birth year, self-reported location and whether the user decided to share their information, the spokesperson said. 

Because of the way that the DNA Relatives feature matches users with their relatives, by hacking into one individual account, the hackers were able to see the personal data of both the account holder as well as their relatives, which magnified the total number of 23andMe victims.

23andMe:     NBC:    KIRO 7:     Global News:    Program Business:    Techcrunch:     Image: Unspalsh

You Might Also Read: 

A Major Breach In Biometrics Security Database:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 


 

« USA & Britain Accuse Russia Of Hacking
Too Many Corporate Employees Ignore Cyber Security »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

NXP Semiconductors

NXP Semiconductors

NXP is a world leader in secure connectivity solutions for embedded applications and the Internet of Things.

International School of IT Security (ISITS)

International School of IT Security (ISITS)

The International School of IT Security (ISITS) is a leading provider of professional training in the field of IT Security.

Egis Technology

Egis Technology

Egis specializes in the IC design, research and development, and the testing and sales of capacitive fingerprint sensor.

KayHut

KayHut

KayHut is a young, innovative company engaged in cyber research and security solutions.

Nexus Group

Nexus Group

Nexus Group develops identity solutions for physical and digital access.

Ergon Informatik

Ergon Informatik

Ergon Informatik AG is Switzerland's leading provider of customised software solutions and software products including fraud detection and the Airlock web security suite.

Information Systems Security Partners (ISSP)

Information Systems Security Partners (ISSP)

ISSP is a specialized system integrator focused on the information security needs of its corporate clients and providing best in class products and services for securing organizational information.

Czech Accreditation Institute

Czech Accreditation Institute

Czech Accreditation Institute is the national accreditation body for the Czech Republic. The directory of members provides details of organisations offering certification services for ISO 27001.

Inavate Consulting

Inavate Consulting

Inavate Consulting are experts in defining and implementing information assurance solutions and governance frameworks. Our ISO27001 consultants are the most experienced in the industry.

Fasken

Fasken

Fasken is one of the largest business law firms in Canada and a recognized leader in privacy and cybersecurity law.

Panacea Infosec

Panacea Infosec

Panacea Infosec is a leading provider of information security compliance services. We help our clients in protecting their data, reducing security risks and fighting cybercrime.

Tetra Defense

Tetra Defense

Tetra Defense is a leading incident response, cyber risk management and digital forensics firm.

Secure Cyber Defense

Secure Cyber Defense

Secure Cyber Defense provides expert cybersecurity consulting and managed detection and response services to companies, local government, schools and universities.

Pessimistic Security

Pessimistic Security

The team behind Pessimistic helps blockchain startups meet modern security challenges since 2017.

OpsHelm

OpsHelm

OpsHelm provides a Software-as-a-Service solution to help businesses ensure that all of their cloud environments have their security bases covered.

Approov

Approov

Approov provides a comprehensive runtime security solution for mobile apps and their APIs, unified across iOS and Android.