AFPE A test kit from 23andMe to collect saliva samples with DNA
NOS Nieuws•vandaag, 11:40
The data of 6.9 million people was leaked during a hack of an American commercial DNA database. The company, 23andMe, confirmed this to The Verge. Previously, there were far fewer victims.
At 23andMe people can have DNA tested for kinship or hereditary diseases. The hackers struck in early October, but it is only now clear on what scale data was stolen. The company has confirmed that user data has been put up for sale on the dark web in recent months.
A few days ago, 23andMe provided more information in a letter to the American stock exchange watchdog SEC, but at that time there was much less stolen data.
In the statement, 23andMe writes that this concerns information about the family tree, but in some cases also health information based on the DNA analysis of users.
Using information from other hacks – often involving reused passwords – the perpetrators had managed to log in to the accounts of 14,000 users. That’s about 0.1 percent of 23andMe’s total customer base.
However, it doesn’t stop there, it now appears. With those 14,000 accounts, the attackers could use the ‘DNA Relatives’ function, a way to trace (distant) relatives. This way they could access the information of millions of other users.
23andMe says it is still in the process of notifying all affected people about the leak. The company also warns users to change their passwords. Two-step verification is now also mandatory. That was only an option until now.