Data from 6.9 million users leaked in 23andMe hack

The genetic testing company confirmed earlier this week that the October hack affected millions more users than initially reported. 23andMe officials originally reported that only about 14,000 customers were affected by the breach. However, the company confirmed Monday that data relating to “other users” was also stolen, for a total of 6.9 million affected users. 23andMe spokeswoman Katie Watson said millions more were affected because they opted to use one of the company’s features, which automatically shares a user’s personal information with other users. Even though millions of user accounts were not hacked individually, hackers still accessed personal data like names, birth years, and ancestry reports.

Do we know what hackers wanted with genetic information? The hacker claiming responsibility for the early October attack posted personal data from over one million users with Chinese or Jewish Ashkenazi heritage. The hacker demanded between $1 and $10 for personal information from the accounts. 23andMe blames the breach on customers re-using passwords that were exposed in other company data breaches. The company is now requiring all customers to set new passwords and is enacting a two-step verification login process.

Dig deeper: From the WORLD archives, read Michael Cochrane’s report on hackers using sound waves to breach devices.