23andMe notifies customers of data breach into its 'DNA Relatives' feature
Reuters
Published Oct 24, 2023 06:15PM ET
Updated Oct 25, 2023 05:26PM ET
By Zeba Siddiqui
SAN FRANCISCO (Reuters) - Genetics testing company 23andMe on Tuesday sent emails to several customers to inform them of a breach into the "DNA Relatives" feature that allowed them to compare ancestry information with users worldwide.
After a hacker advertised millions of "pieces of data" stolen from 23andMe on an online forum this month, the company had said it was working with federal law enforcement and forensic experts to investigate it.
In the new emails, a copy of which was seen by Reuters, 23andMe told customers there was a breach of one or more accounts connected to theirs through the "DNA Relatives" feature. That feature allows users around the world to connect and share their personal data including relationship labels, ancestry reports and matching DNA segments, location, birth year and family names, among other things.
"There was unauthorized access to one or more 23andMe accounts that were connected to you through DNA Relatives," the company told customers in the email on Tuesday. "As a result, the DNA Relatives profile information you provided in this feature was exposed to the threat actor."
23andMe provides DNA testing that helps users learn more about their ancestry. Since news of the hack, many customers have expressed worries their ethnicity and other sensitive information could be used against them if leaked. A U.S. lawmaker last week sought more detail on the leaks.
Several users on social media on Tuesday said they got the email, but it was unclear how many customers had been informed. 23andMe spokeswoman Katie Watson declined to comment, citing its ongoing probe, and referred to the blog where the company said on Oct. 20 that it was temporarily disabling features in the "DNA Relatives" to protect user privacy.
Earlier, the company had said hackers may have used credentials leaked from other websites to breach 23andMe accounts - a technique known as 'credential stuffing'. It advised users change their login information and enable two-factor authentication to prevent compromise.
Get The News You Want
Written By: Reuters
Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.