What happened in the 23andMe data breach?
Twingate Team • May 24, 2024
In October 2023, genetic testing company 23andMe experienced a data breach that exposed the personal information of millions of users. Hackers gained unauthorized access to user accounts. The exposed data included sensitive information and details from users who opted in to find and connect with genetic relatives. As a result, 23andMe now faces legal action in the form of a class-action lawsuit, accusing the company of failing to protect customer privacy.
How many accounts were compromised?
The breach compromised data for approximately 6.9 million users.
What data was leaked?
The data exposed in the breach included health predispositions, wellness reports, ancestry information, genetic traits, and personal identifiers such as names, email addresses, and phone numbers.
How was 23andMe hacked?
Hackers breached 23andMe's user data through a method called "credential stuffing," where they accessed individual accounts using recycled login credentials from other compromised websites. The company believes that less than 0.1% of its 14 million customers were directly affected, but the breach exposed information from approximately 5.5 million DNA Relatives profiles and 1.4 million Family Tree feature profiles connected to the compromised accounts. The breach lasted for five months before being discovered and addressed by the company.
23andMe's solution
In response to the hack, 23andMe implemented several security measures to protect its platform and prevent future incidents. The company required all customers to reset their passwords and introduced two-step verification for all new and existing customers. Additionally, 23andMe engaged third-party forensic experts and collaborated with federal law enforcement officials in their investigation. While the company has notified all customers of the investigation, it continues to notify impacted customers based on applicable laws.
How do I know if I was affected?
23andMe has notified customers believed to be affected by the breach. If you're a 23andMe customer and haven't received a notification, you may visit Have I Been Pwned to check your credentials.
What should affected users do?
In general, affected users should:
Change Your Password: Immediately update your password for the breached account. Make sure the new password is strong and unique, not previously used on any other platform.
Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.
Enable Two-Factor Authentication (2FA): Activate 2FA on the breached account and consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.
Monitor Your Accounts: Keep an eye on your accounts for any suspicious activity and report any unauthorized access or transactions to the appropriate parties.
For more specific help and instructions related to 23andMe's data breach, please contact 23andMe Customer Care directly.
Where can I go to learn more?
If you want to find more information on the 23andMe data breach, check out the following news articles: