Nothing is safe from hackers on the web, not even the information held by 23andMe.
Spotted on The Verge, genetic testing and analysis company 23andMe announced on its blog site Friday, October 6, that hackers stole user data, which is currently making the rounds on dark web forums.
According to the website, hackers utilized recycled logins to access the compromised accounts.
Another website, BleepingComputer, reports that a hacker dropped “1 million lines of data” for Ashkenazi Jewish people and that the data was being sold for $1 – $10 per account.
The stolen data includes users’ names, profile photos, genetic ancestry results, date of birth, and geographical location. 23andMe confirmed the bad news to both websites.
Per The Verge:
The company confirmed to BleepingComputer that the data is legitimate in a statement it also shared in an email to The Verge. In the statement, 23andMe managing editor Scott Hadly wrote that “the preliminary results of this investigation suggest that the login credentials used in these access attempts may have been gathered by a threat actor from data leaked during incidents involving other online platforms where users have recycled login credentials.” He added that there was no indication of “a security incident within our systems.” BleepingComputer reports other users’ data was scraped using one of 23andMe’s own opt-in features, called “DNA Relatives.”
In 23andMe’s blog post, there are instructions for users to reset their password and set up multi-factor authentication.
The post also links to the company’s privacy and security checkup page and directs users to its support team’s email if they need further assistance.
More Than 7 Million Accounts Were Affected
A PCMag report indicates that more than 7 million accounts might be in the sale, citing a Dark Web Informer post that included a screenshot from the now-deleted hacker forum post.
23andMe’s CEO Allegedly Knew About The Hack Two Months Prior
In a damning report from Ars Technica, hackers claimed that 23andMe’s CEO was well aware of the stolen data two months ago but opted to keep quiet about it.
23andMe has spoken about the hack on its official X account, claiming it has conducted an investigation but has “not identified any unauthorized access” to its systems.
If you have been on the fence about giving your info to 23andMe, this news will keep you away.