Massive data breach at 23andMe: personal data of 6.9 million users compromised

23andMe recently disclosed that hackers compromised the personal data of 6.9 million users. The initial breach occurred in early October, with approximately 14,000 individual accounts reportedly unlawfully accessed at that time (about 0.1% of its customers). The company did not initially reveal the broader impact, but it is now confirmed that the data breach affected about half of 23andMe's 14 million customers.

A company's spokesperson confirmed that the hackers accessed the personal information of approximately 5.5 million users who had used the DNA Relatives feature, allowing automatic data sharing with other users. The stolen data included names, birth years, relationship labels, DNA shared percentage with relatives, ancestry reports, and self-reported locations. Hackers also accessed the Family Tree profile information of another 1.4 million users who had opted for the DNA Relatives feature, which included display names, relationship labels, birth years, self-reported locations, and user consent to share information for a total of 6.9 million affected users. The DNA Relatives feature's unique matching system enabled hackers to access personal data of both the account holder and their relatives by compromising one account, significantly increasing the victim count in the data breach.

The company initially withheld these specific figures, leading to transparency concerns about the full extent of the incident,To make matters worse, they have decided to attribute a significant portion of the blame for the breach to customers reusing passwords, a justification that hasn't convinced many users. That's why if you're a 23andMe user, besides changing all your credentials and removing most of your personal information from the platform, you might want to consider alternative services such as MyHeritage, Ancestry, or a free option like FamilySearch.org (if you are more interested in the family trees and genealogy tools).