23andMe has finally confirmed the extent of its recent data breach, and it’s not good news.
A total of 6.9 million users of the genetic testing site have been affected, TechCrunch reported on Monday. 23andMe explained that although only 0.1 percent of its customers (14,000 users) had their information accessed by hackers initially, this then allowed the same group to access the profile information of millions of other users via the service’s DNA Relatives feature. Those who opted in to this feature gave the site permission to automatically share some of their data with other users.
To break it down, 5.5 million users had information stolen that included their name, birth year, relationship, ancestry reports, self-reported location, and the DNA percentage shared with family. A further 1.4 million users had information related to their Family Tree stolen. This also includes names, birth years, relationships, and self-reported location.
Given that 23andMe has over 14 million customers, per its 2023 financial results report, it appears that almost half their user base has been affected by this hack.
23andMe first confirmed that data had been stolen back in October. Later in the month, when a hacker appeared to offer up data for sale on 4 million users, the company said it was “reviewing the data” to determine legitimacy.
In its latest update on the hack, 23andMe said it’s in the process of notifying affected customers.
“We have taken steps to further protect customer data, including requiring all existing customers to reset their password and requiring two-step verification for all new and existing customers,” reads the company’s blog post. “The company will continue to invest in protecting our systems and data.”
