Hackers stole ancestry data of 6.9 million users, 23andMe finally confirmed!
Update: December 6th, 2023: The majority of impacted users are now being notified
After the original cyber attack was reported in November, 2023 "at least a million data points from 23andMe accounts" that were "exclusively about Ashkenazi Jews" and data points from "hundreds of thousands of users of Chinese descent" seemed to be exposed. But beyond those estimates, for two months, all the public knew was that 23andMe's filing noted that “a significant number of files containing profile information about other users’ ancestry" were also accessed.
Today, December 5, 2023 we know now how many Users equals their conservative and ambiguous statements released equals "significant": 6.9 Million co
Confirmed that 2 groups of users who opted into the DNA Relatives feature had their personal data stolen.
23andMe describes the DNA Relatives feature as "one of the most interactive features" offered on the site, "allowing you to find and connect with genetic relatives and learn more about your family." By opting in, users hope to find lost family members by willingly giving others access to information like their birth year, current location, and ancestors' names and birth locations. Users can opt out at any time, but if they do, it makes it harder to detect relatives "on any branch of your family tree," the website says.
The largest group, spanning about 5.5 million users, was hacked after opting in to automatically sharing information with DNA Relatives, including their "name, birth year, relationship labels, the percentage of DNA shared with relatives, ancestry reports, and self-reported location," TechCrunch reported. The smaller group, about 1.4 million users, shared "Family Tree profile information" that was hacked, including display names, relationship labels, birth year, and self-reported location.
Asked for comment, a 23andMe spokesperson linked Ars to a blog noting that all impacted users are currently being notified. The company has not clarified why it did not disclose these exact numbers when announcing the cyberattack. According to TechCrunch, these new numbers suggest that nearly half of 23andMe's 14 million users were hacked.
When the hack was first reported, a nonprofit dedicated to defending online privacy, the Electronic Frontier Foundation (EFF), reported that "there are no federal laws that clearly protect users of online genetic testing sites like 23andMe."
While 23andMe recommended that all users strengthen their passwords, EFF went one step further and suggested that users consider disabling the DNA Relatives feature, especially if they're not actively using it. EFF also provided a tutorial for users preparing to download their 23andMe data and delete their accounts.
Please, if you care for your privacy and do not want any more hackers compromising/accessing you or your loved one's DNA, do your own research regarding 23andme or any other DNA companies!
https://www.eff.org/deeplinks/2023/10/what-do-if-youre-concerned-about-23andme-breach