23andMe Reveals Hackers Accessed Ancestry Data Of 'Significant Number' Of Users (UPDATED)

Editor’s note: The headline of this story has been updated to reflect that 23andMe ancestry data was hacked — not DNA data.

In a significant security breach, genetic testing company 23andMe Holding Co. (NASDAQ:ME), confirmed that hackers have accessed around 14,000 customer accounts and an undisclosed number of files containing users’ ancestry data.

What Happened: 23andMe disclosed in a recent U.S. Securities and Exchange Commission filing that a cyber attack had infiltrated 0.1% of its customer base. Given the company’s global customer count of over 14 million, this implies roughly 14,000 affected accounts, reported TechCrunch.

Besides gaining access to these accounts, hackers also acquired a significant number of files related to the ancestry profiles of other users who had used 23andMe’s DNA Relatives feature. The number of files and users impacted is yet to be revealed.

See Also: ‘Cancel Disney Plus,’ ‘Cancel Hulu’ Become Trending Topics After Elon Musk Battle With Media Company: Should Disney Be Worried?

The hackers utilized a method called “credential stuffing” during the breach in early October to acquire user data. This approach involves the use of a compromised password, potentially leaked from another service’s data breach.

The information stolen for the initial 14,000 users primarily included ancestry data and health-related data for some accounts based on user genetics. For the remaining users, the hackers stole “profile information” and published certain unspecified data online.

In the aftermath of the breach, 23andMe implemented password resets and multi-factor authentication for all users, as stated in the new filing. Other DNA testing companies, such as Ancestry and MyHeritage, have since adopted two-factor authentication.

Why It Matters: In early October, an unidentified hacker stole personal genetic data from millions of 23andMe customer accounts. The stolen data, including email addresses, photos, and DNA ancestries, was allegedly available for sale in the shadowy corners of a hacker forum.

This latest breach underscores the growing concerns about privacy and security in the rapidly evolving field of genetic testing.

Read Next: VIX At Pre-Pandemic Low: Is Wall Street’s Fear Gauge Mispricing Risk Of Downturn?

Image Via Shutterstock