Popular genetic testing company 23andMe opened up about a data breach and said that hackers have gained access to data submitted by about 6.9 million people.
Genetic testing to learn your ancestry has gained popularity in the last couple of years. Social media influencers have been a large part of the success of these genetic testing companies. They talk about their ancestry results on videos uploaded to different social media platforms. As a result, many people have gotten on the trend of submitting a genetic sample and talking about it on social media platforms.
23andMe has been a successful company with its business model of letting customers send their samples through the mail and doing everything online. The appeal of the website is that it not only tests for your ancestry but also for possible health risks you might have in the future based on your DNA. It is also very accessible and relatively cheap compared to DNA tests you have to do in person.
To get your DNA result from 23andMe, you need to sign up on their website. And because everything is done online, the risk of hacking is a very real threat. That is exactly what happened last October when the company was alerted that information on people who had Ashkenazi Jewish ancestry was leaked online. NBC News reported that the data was posted on forums on the dark web. This data breach is especially harmful with the rise of certain extremist groups.
The breach prompted an investigation where they discovered that the amount of data hacked was massive. According to the report first posted on TechCrunch, about 6.9 million people’s data submitted to the genetic testing company was compromised.
Hackers targeted users using a tactic called credential stuffing which means that the logins hacked from other websites were used to gain access to the 23andMe site. People who repeatedly used their passwords fell victim to the scheme.
Then, the hackers searched around the site for potential targets using the DNA Relatives feature to gain other confidential information about other users they might be related to. As a result, hackers gained information on about 6.9 million users, which is roughly half of the 14 million people enrolled on the website.
The company issued a statement back in October, saying that they are taking this issue seriously. However, despite the breach, executives of the genetic testing website say that they only expect a loss of around $1-$2 million from the incident in a report to the Securities and Exchange Commission.