DNA Analyzing Firm 23andMe Suffers From Massive Data Breach—Exposing Information of Over 6 Million Users!

DNA analyzing firm 23andMe confirmed a massive data breach that exposed the information of millions of its users. The California-based biotech company announced this alarming issue on Monday, Dec. 4.

However, 23andMe officials clarified that its system wasn't directly hacked by cybercriminals. Instead, the DNA analyzing firm said that hackers logged into tens of thousands of individual accounts.

Colorado Bureau of Investigations scientist allegedly cut corners and covered up data in criminal investigations — Yvonne “Missy” Woods allegedly omitted material evidence from criminal justice records, tampered with DNA testing and violated CBI policy in areas including data retention and quality control between 2008 and 2023. Sean Gallup/Getty Images

The American biotech company said that this is only 0.1% of its clients. But, knowing that it was a DNA analyzing firm that was attacked by hackers is more than enough to concern Americans.

DNA Analyzing Firm 23andMe Suffers From Massive Data Breach

According to CBS News' latest report, 23andMe said that it launched an investigation in October after a speculated data breach. It all started when a threat actor claimed that acquired the biotech company's user profile information.

This means that most of the affected individuals are those who used the website and services of 23andMe. At first, the DNA analyzing firm said that it acknowledged a filing with the Securities and Exchange Commission.

This filing claims that the hacker accessed 0.1% of its user accounts. However, 23andMe clarified cybercriminals behind the attack might have been able to access the sensitive details of 6.9 million users.

BBC News reported that the hackers who conducted the latest 23andMe data breach relied on users' old passwords, as well as reused usernames.

For those who are not familiar with this California-based biotech firm, it focuses on analyzing DNA from people's saliva samples. After that, the company will produce reports showing clients' genetic health risks, ancestry, and other similar information.

This means that the details that 23andMe has are quite sensitive. But, should Americans really worry about the data breach?

What 23andMe Data Was Accessed?

DNA Analyzing Firm 23andMe Suffers From Massive Data Breach—Exposing Information of Over 6 Million Users! — Blood samples taken from volunteers are labelled and ready to be stored in the UK Biobank which will hold up to 15 million urine and blood samples, all controlled by robotics on April 17, 2007, Stockport, England. The new UK Biobank is the largest blood based research project in the world. Christopher Furlong/Getty Images

The biotech company confirmed that the hackers were able to access significant numbers of files, which contain profile information about users' ancestry.

It claimed that cybercriminals download sensitive information from other uses linked to the compromised 23andMe accounts. Information stolen by the hackers includes locations, pictures, addresses, birth years, and DNA percentages shared with relatives.

As of writing, the DNA analyzing firm hasn't confirmed if hackers advertised the stolen data to buyers or other cyber attackers. The latest data breach against the company shows the importance of cybersecurity behaviors of businesses.

"Poorly secured accounts, with weak passwords and no two-factor authentication, put all those sharing their sensitive data at risk," explained CybSafe CEO Oz Alashe.