23andMe Confirm Hackers Have Access To Data On 6.9M Users

Hackers have got access and stole personal data belonging to 6.9 million people who used services from the genetic testing company 23andMe first reported in October. Now, the company has disclosed, that by accessing those accounts, hackers were also able to access “a significant number of files containing profile information about other users’ ancestry.” 

The stolen data included the person’s name, birth year, relationship labels, the percentage of DNA shared with relatives, ancestry reports and self-reported location.

As proof that they stole the personal data, hackers published an initial sample of 1 million data points about users with Ashkenazi Jewish heritage, including people’s full names, birth years, location information and more. They also reportedly published a separate sample with information about more than 300,000 users with Chinese heritage.

The hackers gained access to some customer accounts through reused passwords and then were able to access 14,000 accounts, less than 0.1 per cent of the user base, using these usernames and passwords that had previously been leaked. Using this, the hackers were able to access information from millions more accounts through 23andMe’s DNA Relatives and Family Tree features, which allow users to share information with other users they are genetically linked to.

23andMe has not disclosed how many “other users” were impacted by the breach that was originally disclosed in October.  However, there were a lot of “other users” who were victims of this data breach and at least 6.9 million individuals were affected in total.

23andMe has confirmed that another group of about 1.4 million people who opted-in to DNA Relatives also “had their Family Tree profile information accessed,” which includes display names, relationship labels, birth year, self-reported location and whether the user decided to share their information, the spokesperson said. 

Because of the way that the DNA Relatives feature matches users with their relatives, by hacking into one individual account, the hackers were able to see the personal data of both the account holder as well as their relatives, which magnified the total number of 23andMe victims.

23andMe:     NBC:    KIRO 7:     Global News:    Program Business:    Techcrunch:     Image: Unspalsh

You Might Also Read: 

A Major Breach In Biometrics Security Database:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 


 

« USA & Britain Accuse Russia Of Hacking
Too Many Corporate Employees Ignore Cyber Security »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

softScheck

softScheck

softScheck is an IT security consultancy. Services range from pentesting and compliance testing to security auditing of software and IT infrastructure.

Equilibrium Security Services

Equilibrium Security Services

Equilibrium Security Services is a specialist cyber security company providing a full spectrum of IT security solutions from consultancy to design & implementation and managed security services.

Sepio Cyber

Sepio Cyber

Sepio is the leading asset risk management platform that operates on asset existence rather than activity.

Viasat

Viasat

Viasat is a provider of high-speed satellite broadband services and secure networking systems covering military and commercial markets.

LATRO Services

LATRO Services

LATRO Services is a complete solution provider to discover, locate, and eliminate telecom fraud.

Black Hills Information Security (BHIS)

Black Hills Information Security (BHIS)

Black Hills Information Security provide security testing and vulnerability assessment services.

Tetra Tech

Tetra Tech

Tetra Tech is a cybersecurity leader with extensive experience in supporting enterprise-wide programs and systems across multiple business lines from industrial control systems to health IT.

In Fidem

In Fidem

In Fidem specializes in information security management, with a bold approach that views cybersecurity as a springboard to organizational transformation rather than a barrier to innovation.

Harvey Nash

Harvey Nash

Harvey Nash is a leading global provider of talent and technology solutions.

European Union Agency for Network and Information Security (ENISA)

European Union Agency for Network and Information Security (ENISA)

The European Union Agency for Cybersecurity, ENISA, is the Union’s agency dedicated to achieving a high common level of cybersecurity across Europe.

Core4ce

Core4ce

Core4ce is a mission-oriented company that serves as a trusted partner to the national security community.

Irys Technologies

Irys Technologies

Irys Technologies specialize in pioneering digital transformation solutions designed to streamline communications and enhance maintenance and operational efficiency for a variety of sectors.

Cyberleaf

Cyberleaf

Cyberleaf is simplified managed cybersecurity for MSPs, enabling top tier cyber protection for small and medium enterprise.

Assura

Assura

Assura provides innovative cybersecurity advisory and managed services to all industries including government, healthcare, financial, manufacturing, and transportation sectors.

Corix Partners

Corix Partners

Corix Partners is a Boutique Management Consultancy Firm focused on assisting CIOs and other C-level executives in resolving Cyber Security Strategy, Organisation and Governance challenges.

CodeShield

CodeShield

CodeShield is a SaaS that helps software developers and security teams secure IAM in the public cloud. With us, you detect IAM privilege escalations easily and achieve least privilege.