techcrunch.com
23andMe Data Breach Exposes Ancestry Information of 6.9 Million Users
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
23andMe confirmed that hackers accessed the personal data of 6.9 million users, including sensitive ancestry information. Initially, the company reported only 14,000 accounts breached, but later disclosed that 5.5 million users of the DNA Relatives feature were affected. Additionally, 1.4 million users had their family tree profile information accessed. The breach occurred due to credential stuffing, where hackers reused old usernames and passwords from other sites. 23andMe has since required all customers to reset their passwords and enabled two-step verification. The breach was first claimed by a hacker on a forum in October 2023, who offered stolen data for sale. The company is currently notifying affected customers as required by law.
Key Points: • Hackers accessed data from 6.9 million 23andMe users, significantly more than initially reported. • The breach was facilitated through credential stuffing, exploiting reused passwords from other sites. • 23andMe has implemented mandatory password resets and two-step verification for all users.