CNN
—
A hacker or hackers have accessed almost seven million profiles of 23andMe prospects, a spokesperson for the genetic testing agency advised CNN on Tuesday, together with in some circumstances customers’ ancestry reviews, zip codes and start years.
A Friday submitting from 23andMe to the Securities and Change Fee stated that about 0.1% of the corporate’s person accounts, or roughly 14,000, had their accounts breached by the hackers.
23andMe is standing by that quantity however can be now telling reporters that the hackers have been capable of entry some 5.5 million profiles that use an organization characteristic known as DNA Kin that enables customers to search out genetic kinfolk. As well as, the hackers accessed a subset of household tree data on 1.4 million DNA Kin profiles, the 23andMe spokesperson stated in an emailed assertion.
Engadget, a tech information outlet, first reported on the broader affect of the hack.
It’s the newest hack to have an effect on a significant US company that has impacted way more folks than preliminary information reviews urged. Final month, id administration agency Okta admitted that hackers had stolen knowledge on all customers in Okta’s buyer assist system, after initially reporting in September that lower than 1% of greater than 18,000 have been affected.
Within the case of 23andMe, the hackers reused outdated usernames and passwords from different web sites to interrupt into 23andMe buyer accounts — a rudimentary however efficient approach known as credential stuffing.
The 23andMe spokesperson, who declined to be named, didn’t reply to questions on who carried out the hack.
“23andMe has accomplished its investigation, assisted by third-party forensics consultants. We’re within the technique of notifying affected prospects, as required by regulation,” an announcement posted Saturday night to the corporate’s web site says. “Now we have taken steps to additional defend buyer knowledge, together with requiring all present prospects to reset their password and requiring two-step verification for all new and present prospects.”