Topics

Latest

AI

Amazon

Article image

Image Credits:David Paul Morris / Bloomberg / Getty Images

Apps

Biotech & Health

Climate

a sign outside 23andMe’s office in California, featuring the company’s office in the background

Image Credits:David Paul Morris / Bloomberg / Getty Images

Cloud Computing

Commerce

Crypto

enterprisingness

EVs

Fintech

Fundraising

Gadgets

stake

Google

Government & Policy

Hardware

Instagram

layoff

Media & Entertainment

Meta

Microsoft

Privacy

Robotics

Security

Social

Space

Startups

TikTok

Transportation

Venture

More from TechCrunch

issue

Startup Battlefield

StrictlyVC

newssheet

Podcasts

Videos

Partner Content

TechCrunch Brand Studio

Crunchboard

Contact Us

transmitted testing caller 23andMe herald on Friday that hackers accessed around 14,000 customer accounts in the companionship ’s late data breach .

In a new filing with the U.S. Securities and Exchange Commissionpublished Friday , the company say that , establish on its investigation into the incident , it had determined that hacker had accessed 0.1 % of its client base . consort to the party ’s most recent yearly earnings reputation , 23andMe has “ more than 14 million customers worldwide , ” which mean 0.1 % is around 14,000 .

But the company also said that by access those accounts , the hackers were also able-bodied to access “ a substantial bit of files take profile selective information about other users ’ blood that such users chose to portion out when opting in to 23andMe ’s DNA Relatives have . ”

The company did not specify what that “ significant number ” of files is , nor how many of these “ other exploiter ” were impact .

23andMe did not like a shot respond to a petition for comment , which included interrogative on those number .

In other October,23andMe discover an incidentin which hackers had steal some users ’ data using a usual proficiency known as “ credential stuffing , ” whereby cybercriminals hack into a dupe ’s account by using a know word , perhaps leak due to a datum breach on another service .

The damage , however , did not halt with the customers who had their accounts accessed . 23andMe allow user to prefer into a feature calledDNA Relatives . If a user opt - in to that feature , 23andMe partake in some of that user ’s selective information with others . That mean that by accessing one dupe ’s account , hackers were also able to see the personal data of masses connect to that initial dupe .

Join us at TechCrunch Sessions: AI

Exhibit at TechCrunch Sessions: AI

23andMe said in the filing that for the initial 14,000 users , the stolen data “ generally included ancestry information , and , for a subset of those accounts , health - related information based upon the user ’s genetics . ” For the other subset of drug user , 23andMe only said that the hackers steal “ profile info ” and then posted unspecified “ certain information ” online .

TechCrunch analyzed the published set of stolen data by comparing it to know public family tree records , including websites release by hobbyists and genealogists . Although the sets of data were formatted differently , they contain some of the same unparalleled user and transmitted selective information that pit genealogy records published online years earlier .

The owner of one genealogy website , for which some of their relatives ’ information was uncover in 23andMe ’s information severance , told TechCrunch that they have about 5,000 relatives discover through 23andMe , and allege our “ correlation coefficient might take that into account . ”

intelligence of the data breachsurfaced onlinein October when cyberpunk advertised the alleged data of one million users of Judaic Ashkenazi descent and 100,000 Taiwanese users on a well - known hacking meeting place . approximately two week later , the same cyberpunk who advertised the initial stolen user dataadvertised the aver book of four million more people . The cyber-terrorist was trying to sell the data of individual victims for $ 1 to $ 10 .

In reception to the data breach , on October 10 , 23andMe forced users to readjust and transfer their word and encouraged them to turn on multi - factor assay-mark . And on November 6 , the company ask all users to use two - step verification , according to the Modern filing .

After the 23andMe break , other DNA testing company Ancestry and MyHeritagestarted mandate two - factor authentication .