23andMe user data leaked

Your new 23andMe results just came in! 80% Scotch-Irish. 20% Greek. 100% hacked.

What happened: Popular genetic testing website 23andMe is requiring users to reset their passwords after the personal information and details around the genetic ancestry of up to 7 million people leaked last week. Hackers are now trying to sell the data on the dark web.

How they did it: Hackers broke into accounts using previously leaked logins from other sites (don’t re-use your passwords, folks). They then scraped data from users who had shared genetic info with the breached accounts through the DNA Relatives feature. 

Why it matters: The data in these leaks are a whole ‘nother level of sensitive compared to the info in a typical data breach. Genetic info can be used for racial-ethnic targeting and, as The Conversation points out, can’t be changed like a bank PIN if something goes wrong.  

  • The messageboard posts selling the stolen data specifically advertised “1 million lines of data” for Ashkenazi Jewish people and hundreds of thousands for ethnic Chinese people — two groups that have continued to be targets of hate crime. 

Bottom line: Genetic testing companies have accrued millions of users, who have not just given up troves of sensitive data but have been encouraged to share it to get more accurate results — a practice that will now be called into question, one analyst told WIRED.—QH