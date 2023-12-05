Home Consumer 23andme Admits Hackers Accessed 6.9 Million Users’ DNA Relatives Data

23andme Admits Hackers Accessed 6.9 Million Users’ DNA Relatives Data

TheVerge.com
By Emma Roth

23andMe confirmed that a recent breach leaked data belonging to 6.9 million users. In an emailed statement to The Verge, company spokesperson Andy Kill says the breach affected around 5.5 million users who had DNA Relatives enabled, a feature that matches users with similar genetic makeups, while an additional 1.4 million people had their family tree profiles accessed.

In a filing with the Securities and Exchange Commission (SEC) and update to its blog post late on December 1st, 23andMe said a threat actor using a credential stuffing attack — logging in with account info obtained in other security breaches, usually due to password reuse — directly accessed 0.1 percent of user accounts, making up around 14,000 users. With access to those accounts, the attackers used the DNA Relatives feature, which matches people with other members they may share ancestry with, to access the additional information from millions of other profiles.

Its Friday statement noted the hacker also accessed “a significant number of files” via the Relatives feature but didn’t include the figure stated above.

