23andMe Data Breach Exposes Ancestry Information of 6.9 Million Users
Severity: High (Score: 67.5)
Sources: www.cnn.com, techcrunch.com
Keywords: hackers, million, ancestry, data, users, profiles, genetic
Summary
23andMe confirmed that attackers accessed personal data belonging to about 6.9 million users, including ancestry information. The company initially reported that roughly 14,000 accounts had been compromised; it later disclosed that, through those accounts, the attackers had also reached data on about 5.5 million users who had opted into the DNA Relatives feature and the family tree profile information of a further 1.4 million users. The initial access was credential stuffing: the attackers replayed username and password pairs leaked in earlier breaches of other sites, so only accounts whose owners had reused a password were directly compromised. 23andMe has since required every customer to reset their password and has enabled two-step verification. The theft was first claimed by a hacker on an online forum in October 2023, where the stolen data was offered for sale. The company is notifying affected customers as required by law.

Key points:
- Attackers accessed data on 6.9 million 23andMe users, far more than the 14,000 accounts first reported.
- Initial access was credential stuffing using passwords reused from other sites; the DNA Relatives feature then exposed the data of the compromised accounts' matches.
- 23andMe has implemented mandatory password resets and two-step verification for all users.
Detailed Analysis
**Impact**

Approximately 6.9 million 23andMe users were affected, roughly half of the company's 14 million customers. Exposed data included names, birth years, ancestry reports, relationship labels, percentage of shared DNA, self-reported locations and family tree profile information. The bulk of the affected users had opted into the DNA Relatives feature; they were exposed not because their own accounts were compromised but because they appeared as matches of one of the roughly 14,000 accounts that were. No geographic breakdown of affected users was reported. Business consequences include reputational damage and regulatory notification obligations.

**Technical Details**

Initial access was credential stuffing: the attackers replayed username and password pairs obtained from breaches of other services and gained access to approximately 14,000 accounts whose owners had reused those credentials. This is not a brute-force attack on individual accounts (many passwords against one username) but the reverse (one already-known password per username, across many usernames), which is why it does not trip per-account lockout thresholds. From each compromised account the attackers harvested the linked profiles exposed by the DNA Relatives feature, so the volume of data taken was a function of the match graph rather than of the number of accounts cracked. No malware, CVEs or attacker infrastructure details were disclosed, and no IOCs were provided in the sources. The activity corresponds to the initial access and data exfiltration stages of the kill chain.

**Recommended Response**

Organizations should enforce multi-factor authentication and, after an incident of this kind, force password resets, as 23andMe has done; MFA stops replayed credentials from completing a login, but it does not recover data that has already been exfiltrated. Monitor for the signature of credential stuffing (many distinct usernames from one source, roughly one attempt per username, a low success ratio) rather than only for repeated failures against a single account, and rate-limit and alert on bulk retrieval of relatives' profiles, since one compromised account should not be able to enumerate thousands of matches. Notify customers promptly and encourage affected users to change the reused password on every other service where it was used. No specific patches or malware detections apply based on the available information.
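The two behaviours described above, the credential-stuffing login pattern and the follow-on enumeration of relatives' profiles, can both be spotted in ordinary application telemetry. The example below is added here and is not 23andMe's code or detection logic; it assumes a hypothetical JSON-lines log schema (fields `ts`, `ip`, `user`, `event`, `status`, `target`) and runs two detectors over a constructed sample in which one source address replays leaked credentials against eight accounts, lands one of them, and then walks that account's relative list at machine speed. The thresholds are illustrative assumptions, not tuned values.

```python
"""Detecting credential stuffing and bulk relative-profile enumeration on
constructed login/profile-view telemetry (added example, assumed schema)."""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# ---- Constructed sample telemetry (assumed schema, not 23andMe's own logs) ----
# One JSON object per line: ts, ip, user, event ("login" | "view_relative"),
# status ("ok" | "fail") and, for relative views, the profile id in "target".
STUFFING_IP = "203.0.113.7"   # replays leaked username:password pairs
BENIGN_IP = "198.51.100.2"

_rows = [  # a real user: one typo, a successful login, three relative views
    {"ts": "2023-10-01T09:00:00Z", "ip": BENIGN_IP, "user": "bob", "event": "login", "status": "fail"},
    {"ts": "2023-10-01T09:00:08Z", "ip": BENIGN_IP, "user": "bob", "event": "login", "status": "ok"},
]
_rows += [{"ts": f"2023-10-01T09:0{i + 1}:00Z", "ip": BENIGN_IP, "user": "bob",
           "event": "view_relative", "status": "ok", "target": f"rel-{i}"} for i in range(3)]
# credential stuffing: each leaked username tried once, nearly all fail, one hits
for i, u in enumerate(["alice", "carol", "dave", "erin", "frank", "grace", "heidi", "ivan"]):
    _rows.append({"ts": f"2023-10-01T02:00:{2 * i:02d}Z", "ip": STUFFING_IP, "user": u,
                  "event": "login", "status": "ok" if u == "grace" else "fail"})
# the one compromised account then walks its DNA Relatives list at machine speed
for i in range(40):
    _rows.append({"ts": f"2023-10-01T02:01:{i:02d}Z", "ip": STUFFING_IP, "user": "grace",
                  "event": "view_relative", "status": "ok", "target": f"rel-{1000 + i}"})
SAMPLE_LOG = "\n".join(json.dumps(r) for r in _rows)


def parse_log(text):
    """Parse JSON-lines telemetry into events sorted by timestamp."""
    events = []
    for line in text.splitlines():
        if line.strip():
            e = json.loads(line)
            e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append(e)
    return sorted(events, key=lambda e: e["ts"])


def _windows(items, window):
    """Yield every trailing slice of `items` (sorted by ts) spanning at most `window`."""
    start = 0
    for end in range(len(items)):
        while items[end]["ts"] - items[start]["ts"] > window:
            start += 1
        yield items[start:end + 1]


def detect_credential_stuffing(events, window=timedelta(minutes=10), min_distinct_users=5,
                               max_success_ratio=0.5, max_attempts_per_user=2.0):
    """Per source IP: many distinct usernames, about one attempt each, mostly failing.
    (Classic brute force is the opposite shape: one username, many attempts.)"""
    by_ip = defaultdict(list)
    for e in events:
        if e["event"] == "login":
            by_ip[e["ip"]].append(e)
    flagged = {}
    for ip, logins in by_ip.items():
        for win in _windows(logins, window):
            users = {e["user"] for e in win}
            ok = [e["user"] for e in win if e["status"] == "ok"]
            if (len(users) >= min_distinct_users
                    and len(ok) / len(win) <= max_success_ratio
                    and len(win) / len(users) <= max_attempts_per_user):
                flagged[ip] = {"attempts": len(win), "distinct_users": len(users),
                               "compromised": sorted(set(ok))}
    return flagged


def detect_relative_enumeration(events, window=timedelta(minutes=10), max_profiles=20):
    """Per account: more distinct relative profiles viewed in one window than a
    person browsing the feature plausibly would. This is the pivot that turned
    ~14,000 compromised accounts into data on millions of their matches."""
    by_user = defaultdict(list)
    for e in events:
        if e["event"] == "view_relative":
            by_user[e["user"]].append(e)
    flagged = {}
    for user, views in by_user.items():
        for win in _windows(views, window):
            n = len({e["target"] for e in win})
            if n > max_profiles:
                flagged[user] = max(n, flagged.get(user, 0))
    return flagged


if __name__ == "__main__":
    ev = parse_log(SAMPLE_LOG)
    print("credential stuffing:", detect_credential_stuffing(ev))
    print("relative enumeration:", detect_relative_enumeration(ev))
```

On the sample, the first detector flags 203.0.113.7 (8 attempts, 8 distinct users, one success) and names `grace` as the account that was actually taken over, while the benign user with one typo is ignored; the second detector flags `grace` for 40 distinct profiles in under a minute. The point of the second detector is that per-account lockouts and login-anomaly rules alone would have stopped nothing once the attacker held a valid session, because the scraping itself used legitimate, authenticated requests.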
Source articles (2)
- Hackers Access 7 Million 23andMe Profiles — www.cnn.com · 2023-12-05
  A hacker or hackers have accessed nearly seven million profiles of 23andMe customers, a spokesperson for the genetic testing firm told CNN on Tuesday, including in some cases users' ancestry reports,…
- 23andMe Confirms Hackers Stole Ancestry Data on 6.9 Million Users — techcrunch.com · 2023-12-04
  On Friday, genetic testing company 23andMe announced that hackers accessed the personal data of 0.1% of customers, or 14,000 individuals. The company also said that by accessing those accounts, hacke…
Timeline
- 2023-10-01 — Initial breach claimed by hacker: A hacker announced on a forum that they had stolen DNA information from 23andMe users, offering data for sale.
- 2023-12-01 — 23andMe discloses breach: The company reported that 14,000 accounts were compromised, but later revealed a much larger impact.
- 2023-12-04 — 23andMe confirms total affected users: 23andMe confirmed that the breach affected 6.9 million users in total, including sensitive ancestry data.
Related entities
- Credential Stuffing (Attack Type)
- Data Breach (Attack Type)
- 23andMe (Company)
- Okta (Company)
- CWE-200 - Exposure of Sensitive Information (CWE)
- T1078 - Valid Accounts (MITRE ATT&CK)
- T1110.004 - Brute Force: Credential Stuffing (MITRE ATT&CK)