- 23andMe hit by a major data breach, impacting 6.9 million users.
- Cyber-criminals exploit old passwords, accessing personal details and family information.
- 23andMe responds: notifies users, enforces password changes, stresses cybersecurity importance.
In a significant blow to the privacy and security of its users, genetic testing behemoth 23andMe has fallen victim to a large-scale data breach, exposing personal information from approximately 6.9 million of its users.
The breach, which did not compromise DNA records, highlights how vulnerable user accounts are when they rely on passwords already exposed in earlier, unrelated hacks.
The breach, affecting over half of 23andMe’s customer base, occurred as cyber-criminals successfully logged into around 14,000 individual accounts. These criminals, utilizing email and password details from previous unrelated hacks, were able to access a substantial number of files containing profile information about users’ ancestry.
Although the company itself was not directly hacked, the attackers managed to download not only the data from compromised accounts but also private information linked to other users across the extensive family trees on the platform. Stolen data includes names, birth years, locations, pictures, addresses, and the percentage of DNA shared with relatives.
One particularly concerning aspect of the breach is the access gained to the family tree profile information of approximately 1.4 million customers participating in the DNA relatives feature. This included display names and relationship labels, raising concerns about the potential for targeted attacks.
While a batch of data was reportedly advertised on a hacking forum as a list of individuals with Jewish ancestry, there is currently no evidence of any buyers or malicious use of the datasets. However, cybersecurity experts emphasize the urgency for improved security practices among the general population.
Oz Alashe, CEO of CybSafe, a risk management platform, underscored the importance of enhancing cybersecurity behaviors, stating, “Poorly secured accounts, with weak passwords and no two-factor authentication, put all those sharing their sensitive data at risk.”
In response to the breach, 23andMe is notifying all affected customers as mandated by law. The company is also taking proactive measures, requiring affected users to change their passwords and enhance their account security. As investigations continue, users are urged to update their login credentials and remain vigilant for any signs of suspicious activity related to their accounts.
This incident serves as a stark reminder of the evolving threats in the digital age and the imperative for individuals and companies alike to prioritize robust cybersecurity measures to safeguard sensitive personal information.