Title: Genetic Testing Company 23andMe Discloses Breach Exposing DNA Ancestry of 7 Million People
In a recent announcement, leading genetic testing company 23andMe has revealed a major security breach that compromised the DNA ancestry information of nearly 7 million individuals. The breach, which occurred in early October, led hackers to gain unauthorized access to the platform, putting the personal data of approximately 14,000 users at risk.
The severity of the breach became clear due to an opt-in feature on the site that allows individuals to connect with DNA-related relatives. This connection feature suggests that the actual number of affected individuals could be as high as 6.9 million. Alongside DNA information, the breach exposed the family tree profile details of around 1.4 million users, including names, relationship labels, birth years, and location data.
The breach came to light when a sample of data points from 23andMe accounts was discovered on a black-hat hacking crime forum. Disturbingly, the hackers not only took advantage of the situation by selling 23andMe profiles for as little as $1 but also exposed genetic ancestry results of the affected individuals.
Shockingly, the hackers eventually released user information from a staggering 4 million profiles, with some of them reportedly belonging to affluent individuals from the UK, the US, and western Europe. Experts analyzing the leaked data have found that some records matched genetic data that had been previously published online by genealogists and hobbyists.
The breach is believed to have occurred as a result of customers reusing compromised passwords from other data breaches – a practice known as “credential stuffing”. 23andMe has firmly stated that it considers the hackers’ actions a violation of its terms of service, highlighting the unauthorized access to customer accounts.
Data breaches of this magnitude raise serious concerns about the privacy and protection of personal information. Genetic testing firms like 23andMe play a crucial role in allowing individuals to explore their ancestry and health information. However, incidents like this underscore the need for individuals to exercise caution and ensure that they have strong, unique passwords for each online platform they use.
As the fallout from this breach continues, 23andMe is expected to face significant scrutiny regarding their security measures and how they plan to prevent similar incidents in the future. It serves as a stark reminder that all companies, regardless of industry, must prioritize the security of their customers’ data.
