23andMe: Hackers accessed data of 6.9 million users. How did it happen?
Ancestry and genetics company 23andMe confirmed Monday that "threat actors" used about 14,000 accounts to access the ancestry data of 6.9 million people, as first reported by TechCrunch.
The hackers were able to access the accounts by using usernames and passwords from other compromised websites that were the same on 23andMe, according to the company.
"We do not have any indication that there has been a breach or data security incident within our systems, or that 23andMe was the source of the account credentials used in these attacks," a company spokesperson said in an email.
The accounts accessed make up approximately .1% of the company's user base, according to a Friday filing with the Securities and Exchange Commission.
The company said that 5.5 million users who opted in to 23andMe's Relatives feature, which links people with common DNA. Another 1.4 million users had their family tree information accessed.
Hacked data includes personal and DNA information
The company originally disclosed the incident in October in a blog post that did not mention the scope of the compromised data, though they said they had launched an investigation.
The accessed data includes personal and family information and may include the following, according to the company:
DNA relatives' profile information
- display name
- how recently they logged into their account
- their relationship labels
- their predicted relationship and percentage DNA shared with their DNA Relatives matches
- their ancestry reports and matching DNA segments, specifically where on their chromosomes they and their relative had matching DNA
- self-reported location (city/zip code)
- ancestor birth locations and family names
- profile picture, birth year
- a weblink to a family tree they created, and anything else they may have included in the “Introduce yourself” section of the profile
Family tree information
- display name
- relationship labels
- birth year
- self-reported location (city/zip code)
How to create a strong password
To help prevent similar incidents from compromising consumer information, strong and varied password protection is recommended.
Passwords don’t need to be an overcomplicated string of numbers, letters and symbols that are impossible to memorize.
When creating a strong password, think of a phrase or a string of words that will be easy to remember. For example: Flowersgrowoutside
Then, add in some numbers and special characters.
A password like Flow3rsgrow0uts!de% is trickier for a hacker, human or bot, to crack and gain access to your valuable information.
If you don't want to memorize a plethora of passwords, one can use a digital password manager.
Contributing: Cody Goodwin
Disclaimer: The copyright of this article belongs to the original author. Reposting this article is solely for the purpose of information dissemination and does not constitute any investment advice. If there is any infringement, please contact us immediately. We will make corrections or deletions as necessary. Thank you.