iStock.com/Sundry Photography
Data Breach at 23andMe Targets 6.9M User Profiles
December 5, 2023
A data breach at the website 23andMe has targeted 6.9 million user profiles. Hackers reportedly used old customer passwords to gain access to personal customer information from the company, which provides DNA testing that helps users learn more about their ancestry.
According to a United States Securities and Exchange Commission document, the data breach took place in October. The United States Securities and Exchange Commission wrote, “Upon learning of the incident, 23andMe immediately commenced an investigation and engaged third-party incident response experts to assist in determining the extent of any unauthorized activity.”
Based on the investigation, the website determined that only a very small percentage of accounts were initially compromised — 0.1%, or around 14,000 profiles, specifically. The compromised accounts had passwords and usernames that “were the same as those used on other websites that had been previously compromised or were otherwise available.”
Subsequently, the statement said that if 23andMe users opted into a feature titled DNA Relatives, those connections could also find their information compromised. According to The New York Times, the hackers used this feature to gain “access to information from 5.5 million DNA Relatives profiles.” They were also able to “access the Family Tree profile information of about 1.4 million other customers participating in the DNA Relatives feature.”
In October, Bloomberg reported on the hacking. At that time, an anonymous hacker claimed to have the genetic profiles from compromised 23andMe customer accounts for sale. These profiles included email addresses, photos, gender, birthdates, and DNA ancestry.
The company initially disclosed the incident in October in a blog post that did not mention the scope of the compromised data, though they said they had launched an investigation. 23andMe is in the process of notifying all affected customers.
For customers to ensure the security of any account they create on a particular website, specific measures can be taken. First, refrain from using usernames and passwords across multiple sites. Second, keep a comprehensive list of passwords in case one is compromised. It is best to try and come up with a string of words that is easy to remember, but it’s advisable not to use family names, birthdates, or other personal information when it comes to login information. Adding special characters that are hard for a human or bot to decipher is also advisable.
Since the hack, the company revealed it will require two-factor authentication to protect both old and new customers.
Recent News
Godfather of AI Suggests a Universal Basic Income
Renowned computer scientist Professor Geoffrey Hinton is advocating for urgent governmental intervention amidst rising concerns over AI-induced job displacement and widening inequality. His expert opinion is not to be taken lightly since he is often hailed as the “godfather of artificial intelligence.”
Ducati Honors Ayrton Senna with Limited Edition Monster
As Formula 1 drivers gear up for the Imola circuit this weekend, Ducati has unveiled a special limited edition Monster to honor Ayrton Senna, marking 30 years since his tragic passing on this track. This isn’t just a commemorative piece; Senna had a deep connection with Ducati, having been both a fan and a collaborator with the brand.
Elon Musk in Bali to Launch Starlink Satellite Internet Service
Elon Musk, the visionary entrepreneur behind Tesla and SpaceX, touched down in Indonesia’s picturesque island of Bali on Sunday, embarking on a mission to introduce Starlink satellite internet service to the vast archipelago nation.
Blue Origin Relaunches Space Tourism
Blue Origin made a triumphant return to space tourism with the launch of its New Shepard rocket, marking the end of a nearly two-year hiatus. The NS-25 mission, which took off at 9:36 a.m. CT (10:36 a.m. ET) on Sunday, May 19, from Blue Origin’s private facility in West Texas, was the company’s seventh crewed flight and the first since a failed uncrewed test flight in September 2022.