A Dire Warning From 23andMe’s Breach: The Perils Of A Fully Digital Economy

The California-based company announced last week that hackers had accessed the personal data of 0.1% of its customers — around 14,000 individuals. 

Hackers were able to breach those accounts because the customers had used the same username and password on 23andMe as they had on other websites that had been previously compromised.  

By accessing those accounts to access “Credential Stuffed Accounts,” hackers were able to access roughly 5.5 million DNA Relatives profile files. An additional 1.4 million customers participating in the DNA Relatives feature had their Family Tree profile information access, which is a limited subset of the DNA Relative profile information. 

A 23andMe spokesperson told FOX Business that the company had no indication that there had been a breach or data security incident within its systems or that the company was the source of the account credentials used in these attacks. 

“We have taken steps to further protect customer data, including requiring all existing customers to reset their password and requiring two-step verification for all new and existing customers,” a company spokesperson said. “The company will continue to invest in protecting our systems and data.” 

The latest news comes after some 23andMe customers’ profile information started appearing on a dark web forum used by hackers in early October. 

In a blog post, 23andMe said bad actors may have “accessed 23andMe.com accounts without authorization and obtained information from certain accounts, including information about users’ DNA Relatives profiles, to the extent a user opted into that service.”

The bad actor did so “in instances where users recycled login credentials — that is, usernames and passwords that were used on 23andMe.com were the same as those used on other websites that have been previously hacked.”

Originally published by: Aislinn Murphy and Bradford Betz on FOX Business