In a new batch of emails, 23andMe is notifying users that their information was exposed to a hacker scraping data from the DNA testing service.
Several users reported receiving the email as the company continues to investigate how a hacker abused 23andMe’s “DNA relatives” feature to collect data from potentially millions of users.
“After further review, we have identified your DNA Relatives profile as one that was impacted in this incident,” the company writes. “Specifically, there was unauthorized access to one or more 23andMe accounts that were connected to you through DNA Relatives.”
The email suggests 23andMe has been uncovering more customer profiles ensnared in the breach. This comes a week after a mysterious user in a hacking forum named “Golem” allegedly published records on 4 million users. On Oct. 3, a separate user in the same hacking forum claimed to have stolen data from 7 million users.
23andMe didn’t immediately respond to a request for comment. But last week, the company told PCMag it was reviewing the data Golem allegedly leaked on the hacking forum. “Our investigation is ongoing and if we learn that a customer’s data has been accessed without their authorization, we will notify them directly with more information,” it said at the time.
The breach initially involved a hacker merely breaking into select users’ accounts. According to 23andMe, the hacker likely bought login credentials that were stolen in another breach and plugged them into the DNA testing website in the hope that people had reused the same password across multiple accounts. (You should stop doing that.)
Normally, such hijackings only affect users who had their accounts breached. But in this case, it looks like the hacker was able to access
Read more on pcmag.com