Crime
23andMe Exposes 6.9 Million Users: Hackers Run Wild!
Clear Facts
- 23andMe confirms hackers stole personal data from about 6.9 million users, roughly half of its customer base.
- Hackers accessed accounts due to customers using the same username and password on 23andMe as on other compromised websites.
- 23andMe has taken steps to protect customer data, including requiring password resets and two-step verification for all customers.
Genetic testing company 23andMe confirmed on Monday that hackers stole personal data from approximately 6.9 million users, which is about half of its entire customer base.
The California-based company had announced last week that hackers accessed the personal data of 0.1% of its customers, or around 14,000 individuals.
The hackers were able to breach those accounts because the customers had used the same username and password on 23andMe as they had on other websites that had been previously compromised. By accessing these “Credential Stuffed Accounts,” hackers were able to access roughly 5.5 million DNA Relatives profile files.
Additionally, 1.4 million customers participating in the DNA Relatives feature had their Family Tree profile information accessed, which is a limited subset of the DNA Relative profile information.
A 23andMe spokesperson told FOX Business that the company had no indication that there had been a breach or data security incident within its systems or that the company was the source of the account credentials used in these attacks.
“We have taken steps to further protect customer data, including requiring all existing customers to reset their password and requiring two-step verification for all new and existing customers,” a company spokesperson said. “The company will continue to invest in protecting our systems and data.”
This latest news comes after some 23andMe customers’ profile information started appearing on a dark web forum used by hackers in early October.
In a blog post, 23andMe said bad actors may have “accessed 23andMe.com accounts without authorization and obtained information from certain accounts, including information about users’ DNA Relatives profiles, to the extent a user opted into that service.”
The bad actor did so “in instances where users recycled login credentials — that is, usernames and passwords that were used on 23andMe.com were the same as those used on other websites that have been previously hacked.”
Clear Thoughts (op-ed)
The recent 23andMe data breach is a stark reminder of the dangers we face in the digital age.
As we willingly share more personal information online, we must be vigilant in protecting our data. The hackers exploited a common mistake: reusing the same login credentials across multiple sites. This carelessness led to the exposure of 6.9 million users’ sensitive genetic information.
23andMe has taken steps to secure customer data, but it’s not enough. We must take personal responsibility for our online security and not rely solely on companies to protect us.
In the end, the best defense against cybercrime is a well-informed and proactive user.
Let us know what you think, please share your thoughts in the comments below.
Colleen
December 11, 2023 at 6:38 pm
I have tried to stay as far away from digital as humanly possible. People have gotten so addicted that even with TikTok they’re willing to put their information out there in cyberworld and the stupidity of taking pictures with dangerous animals, in dangerous places is showing me the mindset of these users. Better wake up before it’s over!
Sunshine Kid
December 11, 2023 at 6:45 pm
Ever notice that two of the “required fields” are always your name and email address? And then wonder why your information gets hacked. It’s one reason that I use fake name and a throwaway email address whenever I comment on sites such as this one.
Lei
December 11, 2023 at 10:29 pm
With two factions of our country now actively fighting (Muslims and Jews) what could go wrong with this breach?