Friday brought a startling revelation from 23andMe, a leader in genetic testing: hackers had accessed the personal data of about 0.1% of their customers, roughly 14,000 individuals. But, the plot thickened as it turned out, these cyber intruders didn’t stop there. They also managed to pry into profiles containing ancestry information of numerous other users. Just how many were affected? Hold onto your hats: a staggering 6.9 million individuals. In a twist of events, details emerged indicating that the breach extended to around 5.5 million people who used the DNA Relatives feature of 23andMe.
This feature, designed to connect people through shared genetic markers, became a gateway for data theft. The compromised information included names, birth years, relationship labels, DNA sharing percentages, ancestry reports, and self-reported locations. Furthermore, another 1.4 million individuals who had opted into the DNA Relatives service found their Family Tree profile information accessed. This included display names, relationship labels, birth years, and locations. The disclosure of these numbers came after an initial statement from the company, raising questions about the delayed release of the full impact of the breach.
The scale of this breach is nothing short of monumental, impacting nearly half of 23andMe’s reported 14 million customers. It’s a wake-up call in the realm of digital privacy and security. Rewinding to earlier reports, a hacker claimed possession of 23andMe user data, showcasing this on a popular hacking forum. They offered data including details of one million users of Jewish Ashkenazi descent and 100,000 Chinese users, with prices ranging from $1 to $10 per account. Subsequently, they claimed to have records of an additional four million people.
Upon further investigation, it was found that another hacker had advertised a batch of supposedly stolen 23andMe customer data even earlier. Analyses of the leaked data revealed matches with genetic information publicly shared by genealogy enthusiasts. The similarities in the unique user and genetic data suggested the authenticity of the compromised 23andMe customer information. 23andMe attributed the breach to customers reusing passwords, which hackers exploited through brute-force attacks using known passwords from other data breaches.
This incident highlights a critical issue in the digital era: the security of our genetic information. It underscores the need for robust digital protections and raises significant concerns about the privacy and safety of sensitive personal data. In a world increasingly reliant on digital platforms, such incidents are a stark reminder of the vulnerabilities that exist and the importance of safeguarding our most personal information.
