A user data hack within 23andMe is reportedly far more severe than what representatives first admitted to earlier this year. Although initially estimated to affect less than one percent of users, revised assessments confirmed by a company spokesperson over the weekend indicate as many as half of all 23andMe accounts could be involved in the security breach.
Back in October, the popular genetic testing company revealed hackers had gained access to the personal information of a portion of users—such as names, birth years, familial relationships, DNA info, ancestry reports, self-reported locations, and DNA data. 23andMe claims the breach was most likely the result of brute force attacks. In such instances, malicious actors take advantage of a customer’s previously leaked login information, usually repeated passwords and usernames used across multiple internet accounts. 23andMe would not offer concrete numbers for nearly another two months—on December 1, new Securities and Exchange Commission filings revealed the company estimated only 0.1 percent of users, or roughly 14,000 customers, were directly affected. In the same documents, however, 23andMe also admitted that a “significant number” of other users’ ancestry information may also have been tangentially included in the leak.
Over the weekend, TechCrunch, speaking with 23andMe officials, confirmed the final tally of data breach victims: roughly 6.9 million users, or about half of all accounts.
Those users include an estimated 5.5 million people who previously opted into the service’s DNA Relatives feature, which allows automatic sharing of some personal data between users. In addition to those customers, hackers stole Family Tree profile data from another 1.4 million people who also used the DNA Relatives feature. The increase in victim estimates allegedly stems from the DNA Relatives feature allowing hackers to not only see…