23andMe Reveals Hackers Accessed ‘Significant Number’ Of DNA Records – 23andMe Holding (NASDAQ:ME)
In a significant security breach, genetic testing company 23andMe Holding Co. (ME), confirmed that hackers have accessed around 14,000 customer accounts and an undisclosed number of files containing users’ ancestry data.
What Happened: 23andMe disclosed in a recent U.S. Securities and Exchange Commission filing that a cyber attack had infiltrated 0.1% of its customer base. Given the company’s global customer count of over 14 million, this implies roughly 14,000 affected accounts, reported TechCrunch.
Besides gaining access to these accounts, hackers also acquired a significant number of files related to the ancestry profiles of other users who had used 23andMe’s DNA Relatives feature. The number of files and users impacted is yet to be revealed.
The hackers utilized a method called “credential stuffing” during the breach in early October to acquire user data. This approach involves the use of a compromised password, potentially leaked from another service’s data breach.
The information stolen for the initial 14,000 users primarily included ancestry data and health-related data for some accounts based on user genetics. For the remaining users, the hackers stole “profile information” and published certain unspecified data online.
In the aftermath of the breach, 23andMe implemented password resets and multi-factor authentication for all users, as stated in the new filing. Other DNA testing companies, such as Ancestry and MyHeritage, have since adopted two-factor authentication.
Why It Matters: In early October, an unidentified hacker stole personal genetic data from millions of 23andMe customer accounts. The stolen data, including email addresses, photos, and DNA ancestries, was allegedly available for sale in the shadowy corners of a hacker forum.
This latest breach underscores the growing concerns about privacy and security in the rapidly evolving field of genetic testing.
Genetic testing companies hold a wealth of personal information, including sensitive health data and ancestry profiles. As these services become more popular, it is crucial for these companies to prioritize robust security measures to protect user information from cyber attacks.
Customers who have used or are planning to use genetic testing services should take precautions to safeguard their personal information. This includes using strong, unique passwords for each online account, enabling two-factor authentication whenever possible, and staying vigilant for any suspicious activity or phishing attempts.
As technology continues to advance, it is essential for individuals and companies to remain proactive in safeguarding sensitive data. The increasing frequency of cyber attacks highlights the need for ongoing investment in cybersecurity measures and the adoption of best practices to protect user privacy and security.
