An SEC filing has revealed more details on a data breach affecting 23andMe users that was disclosed earlier this fall. The company says its investigation found hackers were able to access information from 0.1 percent of its userbase, or the accounts of about 14,000 of its 14 million total customers, TechCrunch notes. On top of that, the attackers were able to exploit 23andMe’s opt-in DNA Relatives feature to access “profile information about other users’ ancestry.” 23andMe hasn't said how many of these users were affected. Hackers posted information from both groups online.
When the breach was first revealed in October, the company said its investigation “found that no genetic testing results have been leaked.” According to the new filing, the data “generally included ancestry information, and, for a subset of those accounts, health-related information based upon the user’s genetics.” All of this was obtained through a credential-stuffing attack, in which hackers used login information from other, previously compromised websites to access those users’ accounts on other sites. In doing this, the filing says, “the threat actor also accessed a significant number of files containing profile information about other users’ ancestry that such users chose to share when opting in to 23andMe’s DNA Relatives feature and posted certain information online.”
Engadget has reached out to 23andMe for comment. Following the discovery of the breach, 23andMe instructed affected users to change their passwords and later rolled out two-factor authentication for all of its customers. In another update on Friday, 23andMe said it had completed the investigation and is notifying everyone who was affected. The company also wrote in the filing that it “believes that the threat actor activity is contained,” and is working to have the publicly-posted information taken down.
This article originally appeared on Engadget at https://www.engadget.com/23andme-hackers-accessed-ancestry-information-from-thousands-of-customers-and-their-dna-relatives-205758731.html?src=rss https://www.engadget.com/23andme-hackers-accessed-ancestry-information-from-thousands-of-customers-and-their-dna-relatives-205758731.html?src=rssLogin to add comment
Other posts in this group
Welcome to our first weekly roundup of indie game releases, news and trailers. It's impossible to cover the indie scene completely comprehensively — dozens of games hit Steam alone every single day
I can't blame you if you've been spending more time outside lately instead of reading gadget reviews. Spring has sprung, at least for us at Engadget HQ in the US, and there's a lot of touching gras
Threads users have long joked about the sometimes bizarre posts served up by its recommendation algorithm since the early days of the app. Lately though, some users are starting to notice another t
In the latest blow to what was generally a functional government, President Donald Trump wants to eliminate the independent agency in charge of issuing recalls and protecting US citizens from harmf
Epic has officially submitted Fortnite to the US Apple App Store. If the game returns, it’ll be the
