A Dire Warning From 23andMe's Breach: The Perils Of A Fully Digital Economy

23andMe accounts

EDITOR'S NOTES

23andMe’s massive data breach, affecting millions, is a stark warning. If hackers can access genetic data this easily, imagine the chaos in a world where all our money and transactions are digital. It’s a serious wake-up call about the risks we face in an entirely digital financial system. This event should make us think twice about the security of our most sensitive information in the digital era.

A 23andMe spokesperson says the company has no indication there was a breach within its systems

Genetic testing 23andMe confirmed Monday that hackers stole personal data from approximately 6.9 million users — or roughly half of its entire customer base. 

The California-based company announced last week that hackers had accessed the personal data of 0.1% of its customers — around 14,000 individuals. 

Hackers were able to breach those accounts because the customers had used the same username and password on 23andMe as they had on other websites that had been previously compromised.  

By accessing those accounts to access "Credential Stuffed Accounts," hackers were able to access roughly 5.5 million DNA Relatives profile files. An additional 1.4 million customers participating in the DNA Relatives feature had their Family Tree profile information access, which is a limited subset of the DNA Relative profile information. 

A 23andMe spokesperson told FOX Business that the company had no indication that there had been a breach or data security incident within its systems or that the company was the source of the account credentials used in these attacks. 

"We have taken steps to further protect customer data, including requiring all existing customers to reset their password and requiring two-step verification for all new and existing customers," a company spokesperson said. "The company will continue to invest in protecting our systems and data." 

The latest news comes after some 23andMe customers’ profile information started appearing on a dark web forum used by hackers in early October. 

In a blog post, 23andMe said bad actors may have "accessed 23andMe.com accounts without authorization and obtained information from certain accounts, including information about users’ DNA Relatives profiles, to the extent a user opted into that service."

The bad actor did so "in instances where users recycled login credentials — that is, usernames and passwords that were used on 23andMe.com were the same as those used on other websites that have been previously hacked."

 

Originally published by: Aislinn Murphy and Bradford Betz on FOX Business

Print Friendly, PDF & Email

sign up for the newsletter

By signing up, you agree to our Privacy Policy and Terms of Use, and agree to receive content that may sometimes include advertisements. You may opt out at any time.

7 steps - Lead Gen

More Economic News