23andMe confirms nearly 7 million customers affected in data leak
2023-12-05 14:02 by Daniela
Tags: 23andMe, hackers, data breach
Nearly 7 million 23andMe customers had their profile data leaked in a cybersecurity incident in October. The vast majority of the leaked data was scraped from the site's DNA Relatives feature after hackers used stolen credentials to directly access about 14,000 accounts, which represents 0.1% of users. The information stolen included display names, ancestry reports and sensitive "health-related" information, according to the company.
Privacy advocates have long warned that sharing DNA with testing companies like 23andMe and Ancestry makes consumers vulnerable to the exposure of sensitive genetic information that can reveal health risks of individuals and those who are related to them.
There have been other high-profile hacks of DNA testing companies. But the 23andMe incident is the first breach of a major company in which the exposure of health information was publicly disclosed. (The Federal Trade Commission recently ordered a smaller firm, Vitagene, to strengthen protections after health information was exposed.)
In the case of 23andMe, the hackers reused old usernames and passwords from other websites to break into 23andMe customer accounts - a rudimentary but effective technique called credential stuffing. The company said there was no evidence of a breach within its own systems.
Since the hack, the company has announced that it will require two-factor authentication to protect against credential-stuffing attacks on the site. It has said it expects to incur $1 million to $2 million in costs related to the breach.