23andMe says hackers accessed “a significant number of files containing profile information about other users’ ancestry” in a recent data breach.
In a filing with the US SEC, the DNA testing kit provider says hackers accessed around 14,000 customer accounts, accounting for 0.1% of its total customer base.
23andMe initially disclosed the hack in early October. At the time, a user in a hacker forum allegedly published records for 4 million 23andMe users, and a separate user in the same forum claimed to have stolen data from 7 million users on the site using credential stuffing technique.
Beyond the initially hacked accounts, 23andMe’s hack also impacted users who used the company’s DNA Relatives feature. Users who opted into the feature allow some of their personal information to be shared with others to whom they’re connected. In this case, if one of your relatives is a victim of the hack, the hacker could potentially see your information as well, presuming you opted into the feature
23andMe currently has more than 14 million customers worldwide. As a result of the data breach, the company required its users to reset and change their passwords, and last month, the company also required users to start using two-factor authentication.
