More details are emerging about a data breach the genetic testing company 23andMe first reported in October.
As the company shares more information, the situation is becoming even murkier and creating greater uncertainty for users attempting to understand the fallout.
23andMe said at the beginning of October that attackers had infiltrated some of its users' accounts and piggybacked off of this access to scrape personal data from a larger subset of users through the company's opt-in, social sharing service known as DNA Relatives.
At the time, the company didn't indicate how many users had been impacted, but hackers had already begun selling data on criminal forums that seemed to be taken from at least a million 23andMe users, if not more.
Fourteen thousand is a lot of people in itself, but the number didn't account for the users impacted by the attackers' data scraping from DNA Relatives.
From the group of 5.5 million people, hackers stole display names, most recent login, relationship labels, predicted relationships, and percentage of DNA shared with DNA Relatives matches.
In some cases, this group also had other data compromised, including ancestry reports and details about where on their chromosomes they and their relatives had matching DNA, self-reported locations, ancestor birth locations, family names, profile pictures, birth years, links to self-created family trees, and other profile information.
The smaller subset of 1.4 million impacted DNA Relatives users specifically had display names and relationship labels stolen and, in some cases, also had birth years and self-reported location data affected.
This article was published on www.wired.com. Publication date: Wed, 06 Dec 2023 00:13:05 +0000