23andMe Confirm Hackers Have Access To Data On 6.9M Users

Hackers gained access to and stole personal data belonging to 6.9 million people who used the services of the genetic testing company 23andMe, in a breach first reported in October. The company has now disclosed that, by accessing those accounts, hackers were also able to access “a significant number of files containing profile information about other users’ ancestry.”

The stolen data included the person’s name, birth year, relationship labels, the percentage of DNA shared with relatives, ancestry reports and self-reported location.

As proof that they stole the personal data, hackers published an initial sample of 1 million data points about users with Ashkenazi Jewish heritage, including people’s full names, birth years, location information and more. They also reportedly published a separate sample with information about more than 300,000 users with Chinese heritage.

The hackers gained access to some customer accounts through reused passwords, and were then able to access 14,000 accounts, less than 0.1 per cent of the user base, using usernames and passwords that had previously been leaked. From those accounts, the hackers were able to access information from millions more accounts through 23andMe’s DNA Relatives and Family Tree features, which allow users to share information with other users they are genetically linked to.

23andMe has not disclosed how many “other users” were impacted by the breach that was originally disclosed in October. However, there were a lot of “other users” who were victims of this data breach, and at least 6.9 million individuals were affected in total.

23andMe has confirmed that another group of about 1.4 million people who opted in to DNA Relatives also “had their Family Tree profile information accessed,” which includes display names, relationship labels, birth year, self-reported location and whether the user decided to share their information, the spokesperson said.

Because of the way the DNA Relatives feature matches users with their relatives, by hacking into one individual account the hackers were able to see the personal data of both the account holder and their relatives, which magnified the total number of 23andMe victims.
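The amplification described above can be modelled for any opt-in relative-sharing feature. The following is an added example, not 23andMe's code: the account model, function names and sample graph are all assumptions constructed for illustration. It computes how many profiles a set of compromised logins exposes, and which accounts have a relatives view wide enough to warrant step-up authentication.

```python
from dataclasses import dataclass, field

@dataclass
class Account:
    user_id: str
    shares_with_relatives: bool                   # opted in to relative matching
    relatives: set = field(default_factory=set)   # matched user_ids

def build(optin, matches):
    """Build a symmetric match graph from opt-in flags and matched pairs."""
    accounts = {u: Account(u, flag) for u, flag in optin.items()}
    for x, y in matches:
        accounts[x].relatives.add(y)
        accounts[y].relatives.add(x)
    return accounts

def visible_profiles(accounts, user_id):
    """Profiles one logged-in session can read: its own, plus every matched
    relative, provided both sides have opted in to sharing."""
    acct = accounts[user_id]
    seen = {user_id}
    if acct.shares_with_relatives:
        seen |= {r for r in acct.relatives if accounts[r].shares_with_relatives}
    return seen

def blast_radius(accounts, compromised):
    """Union of everything readable from the compromised sessions."""
    exposed = set()
    for uid in compromised:
        exposed |= visible_profiles(accounts, uid)
    return exposed

def amplification(accounts, compromised):
    """Exposed profiles per compromised login (0.0 if none compromised)."""
    if not compromised:
        return 0.0
    return len(blast_radius(accounts, compromised)) / len(compromised)

def needs_step_up(accounts, threshold):
    """Accounts whose relatives view exposes more than `threshold` other
    profiles; candidates for mandatory MFA before that view is served."""
    return sorted(u for u in accounts
                  if len(visible_profiles(accounts, u)) - 1 > threshold)

# Constructed sample graph: six users, "d" has opted out of sharing.
SAMPLE = build(
    {"a": True, "b": True, "c": True, "d": False, "e": True, "f": True},
    [("a", "b"), ("a", "c"), ("a", "d"), ("b", "e"), ("e", "f")],
)
```

In this sample, two reused passwords (accounts "a" and "e") expose five of the six profiles, while the opted-out user "d" is neither visible to relatives nor a source of their data.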
