23andMe data breach impacts its DNA Relatives feature

Genetics testing company 23andMe has sent emails to several customers regarding a breach of its DNA Relatives feature, which allows them to compare ancestry information with users worldwide.

After a hacker advertised millions of "pieces of data" stolen from 23andMe on an online forum this month, the company had said it was working with federal law enforcement and forensic experts to investigate it.

In the new emails, a copy of which was seen by Reuters, 23andMe told customers that there was a breach of one or more accounts connected to theirs through the DNA Relatives feature.

That feature allows users around the world to connect and share their personal data, including relationship labels, ancestry reports and matching DNA segments, location, birth year, and family names, among other things.

"There was unauthorized access to one or more 23andMe accounts that were connected to you through DNA Relatives," the company told customers in the email on Tuesday. "As a result, the DNA Relatives profile information you provided in this feature was exposed to the threat actor."

23andMe provides DNA testing that helps users learn more about their ancestry. Since news of the hack, many customers have expressed worries their ethnicity and other sensitive information could be used against them if leaked. A U.S. lawmaker last week sought more detail on the leaks.

Several users on social media on Tuesday said they got the email, but it was unclear how many customers had been informed. 23andMe spokeswoman Katie Watson declined to comment, citing its ongoing probe, and referred to the blog where the company said on October 20th that it was temporarily disabling features in the "DNA Relatives" to protect user privacy.

Earlier, the company had said hackers may have used credentials leaked from other websites to breach 23andMe accounts – a technique known as 'credential stuffing'. It advised users change their login information and enable two-factor authentication to prevent compromise.

More from Cybernews:

Experts name essential skills to beat the robot takeover

Microsoft lure used in Webmail zero-day attack

Video and Audio calls coming to X

OpenAI, Microsoft, Google, Anthropic create $10M AI safety fund, appoint new director

Spies using LinkedIn to target firms, warns CIA veteran

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are markedmarked