23andMe data breach

Pro Search

3 steps completed
In October 2023, genetic testing company 23andMe experienced a data breach affecting its "DNA Relatives" feature, which allows users to compare ancestry information with other users worldwide1. Hackers accessed around 14,000 customer accounts, which is approximately 0.1% of the company's customer base2. By accessing these accounts, the hackers were also able to access a significant number of files containing profile information about other users who opted into the "DNA Relatives" feature2. The stolen data generally included ancestry information and, for a subset of accounts, health-related information based on the user's genetics2. The breach was targeted at account holders with Ashkenazi Jewish and Chinese heritage11. 23andMe believes that the hackers used a technique called "credential stuffing," in which they accessed accounts using credentials leaked from other websites1. The company has been working with federal law enforcement and forensic experts to investigate the breach1.
what is credential stuffing and how does it work
what is the impact of the 23andme data breach on users
what measures has 23andme taken to address the data breach