23andMe Data Breach Exposes Ancestry Information of 6.9 Million Users

23andMe Data Breach Exposes Ancestry Information of 6.9 Million Users

First seen 29 May 2026, 23:24 UTC www.cnn.comtechcrunch.comblog.23andme.com 84% similarity 67.5

Article Content

Browse articles
ThreatCluster

23andMe confirmed that hackers accessed the personal data of 6.9 million users, including sensitive ancestry information. Initially, the company reported only 14,000 accounts breached, but later disclosed that 5.5 million users of the DNA Relatives feature were affected. Additionally, 1.4 million users had their family tree profile information accessed. The breach occurred due to credential stuffing, where hackers reused old usernames and passwords from other sites. 23andMe has since required all customers to reset their passwords and enabled two-step verification. The breach was first claimed by a hacker on a forum in October 2023, who offered stolen data for sale. The company is currently notifying affected customers as required by law.

Key Points: • Hackers accessed data from 6.9 million 23andMe users, significantly more than initially reported. • The breach was facilitated through credential stuffing, exploiting reused passwords from other sites. • 23andMe has implemented mandatory password resets and two-step verification for all users.

ThreatCluster AI

Timeline

2023-10-01
Initial breach claimed by hacker
A hacker announced on a forum that they had stolen DNA information from 23andMe users, offering data for sale.
TechCrunch
2023-12-01
23andMe discloses breach
The company reported that 14,000 accounts were compromised, but later revealed a much larger impact.
CNN
2026-05-29
23andMe confirms total affected users
23andMe confirmed that the breach affected 6.9 million users, including sensitive ancestry data.
TechCrunch

Community

Browse all →