23andMe data breach: Hackers accessed data of 6.9 million users
23andMe, a company that does genetic testing and traces ancestry through shared DNA, confirmed to FOX TV Stations on Monday that hackers accessed personal data of about 0.1% of customers, which amounts to roughly 14,000 people who have used 23andMe.
Hackers were able to breach those accounts because the customers had used the same username and password on 23andMe as they had on other websites that had been previously compromised.
Because the "threat actor" was able to access the personal data of those 14,000 customers, the hackers were also able to access information of about 5.5 million DNA Relatives profile files, as well as 1.4 million Family Tree profiles, a company spokesperson told FOX.
Information that could have been accessed through the Family Tree profiles or the DNA Relatives profiles included display names, relationship labels, percentage of DNA shared with DNA relative matches, ancestry reports, self-reported locations, birth locations, birth year, family names and "anything else they may have been included in the ‘Introduce yourself’ section" of a user’s DNA Relatives profile.
The company said it has concluded its investigation of the breach and will be notifying affected customers.
"We have taken steps to further protect customer data, including requiring all existing customers to reset their password and requiring two-step verification for all new and existing customers. The company will continue to invest in protecting our systems and data," 23andMe said in a blog post.
23andMe also noted it had no indication that there had been a breach or data security incident within its systems or that the company was the source of the account credentials used in these attacks.
This latest update comes a little over a month after the company initially announced the data breach in October of this year.
The California-based company, founded in 2006, said it conducts routine monitoring and auditing of its systems "to ensure that your data is protected." It said it has urged multifactor authentication among its users for years, a method it reiterated in a blog post that customers should take advantage of.
23andMe’s overall customer base amounts to over 14 million, according to its website.
What happened with the 23andMe leak
A hacker claimed to have leaked and sold millions of users' data from 23andMe. The hacker also claimed to have data from celebrities, such as Mark Zuckerberg and Elon Musk, but this has not been verified by 23andMe.
In the weeks that followed, the bad actors in the breach were reportedly offering compilations of customer information for a price on a dark web forum, according to multiple outlets.
FOX News and FOX Business contributed to this report. This story was reported from Los Angeles.