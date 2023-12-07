Summary: A recent cyberattack has resulted in the compromise of approximately seven million user profiles from the genetic testing firm 23andMe. The breach, which affected about 0.1% (14,000) of the company’s user accounts, allowed hackers to access sensitive information such as ancestry reports, zip codes, and birth years. The hackers also targeted the DNA Relatives feature, accessing around 5.5 million profiles and a subset of family tree information for 1.4 million DNA Relatives profiles. The breach signifies yet another instance of major US corporations falling victim to hackers, with the actual number of affected individuals far surpassing initial reports. The hackers employed a technique known as credential stuffing, using reused usernames and passwords from other websites to gain unauthorized access to 23andMe customer accounts.

In response to the attack, 23andMe has conducted a thorough investigation with the assistance of external forensic experts. They are now in the process of notifying affected customers as required by law. To enhance data security measures, the company has taken several proactive steps, including mandating all existing customers to reset their passwords and implementing two-step verification for both new and existing customers.

The breach showcases the ongoing risks and challenges faced in the digital age, where personal data is increasingly vulnerable to exploitation by cybercriminals. As technology advances, individuals and organizations must remain vigilant in safeguarding sensitive information. This incident serves as a reminder for users to regularly update their passwords, avoid reusing them across multiple platforms, and enable additional security measures like two-step verification whenever possible.

It is crucial for companies to continually invest in robust cybersecurity measures, employing cutting-edge technologies and adopting best practices to mitigate the risk of unauthorized access and data breaches. By prioritizing user privacy and data security, organizations can maintain the trust of their customers and effectively counter the ever-evolving threat landscape.