Tuesday, November 26, 2024
HomeBusiness23andMe alerts customers of breach after hacker advertised stolen data

23andMe alerts customers of breach after hacker advertised stolen data


Genetics testing company 23andMe sent emails to several customers to inform them of a breach into the “DNA Relatives” feature that allowed them to compare ancestry information with users worldwide.

After a hacker advertised millions of “pieces of data” stolen from 23andMe on an online forum this month, the company had said it was working with federal law enforcement and forensic experts to investigate it.

In the new emails, a copy of which was seen by Reuters, 23andMe told customers there was a breach of one or more accounts connected to theirs through the “DNA Relatives” feature.

That feature allows users around the world to connect and share their personal data including relationship labels, ancestry reports, and matching DNA segments, location, birth year, and family names, among other things.

“There was unauthorized access to one or more 23andMe accounts that were connected to you through DNA Relatives,” the company told customers in the email on Tuesday. “As a result, the DNA Relatives profile information you provided in this feature was exposed to the threat actor.”

23andMe said it was working with federal law enforcement and forensic experts to investigate the breach.
Getty Images for LARAS

23andMe provides DNA testing that helps users learn more about their ancestry. Since the news of the hack, many customers have expressed worries their ethnicity and other sensitive information could be used against them if leaked. A US lawmaker last week sought more detail on the leaks.

Several users on social media on Tuesday said they got the email, but it was unclear how many customers had been informed. 

23andMe spokeswoman Katie Watson declined to comment, citing its ongoing probe, and referred to the blog where the company said on Oct. 20 that it was temporarily disabling features in the “DNA Relatives” to protect user privacy.

Earlier, the company had said hackers may have used credentials leaked from other websites to breach 23andMe accounts – a technique known as ‘credential stuffing’. It advised users to change their login information and enable two-factor authentication to prevent compromise.




This story originally appeared on NYPost

RELATED ARTICLES
- Advertisment -

Most Popular

Recent Comments